Detecting File Changes in 2 Seconds: Python File Integrity Monitoring


I built CoNum, an open-source file integrity monitor that detects unauthorized changes in 2-3 seconds and generates forensic-grade reports.

GitHub: https://github.com/pkdev23/conum




The Problem

Traditional file monitoring solutions are either:

  • Too expensive (Tripwire: $5,000+/year)
  • Too slow (polling-based tools take minutes)
  • Too complex (OSSEC takes days to configure)
  • Too limited (Git hooks only work on commits)

I needed something that detects critical file changes instantly – for production configs, SSH keys, deployment scripts, and .env files.




CoNum in 30 Seconds



What It Does

  • 2-3 second detection using filesystem events (not polling)
  • 🔔 Email alerts with PDF reports showing line-by-line changes
  • 🛡️ Risk scoring (0-10) based on keywords and patterns
  • 💾 Local SQLite database for complete audit trail
  • 📤 SIEM-ready export (JSONL, CEF, CSV formats)



How It Works

  1. Monitor critical files with Watchdog (filesystem events)
  2. Calculate SHA-256 hashes for tamper detection
  3. Store changes in SQLite with forensic details
  4. Alert immediately via email with detailed reports
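The four steps above in miniature, as an added example that is not CoNum's own code: it hashes a monitored file with SHA-256, computes a line-by-line diff when the hash changes, scores the added lines against a constructed keyword list on the 0-10 scale from the feature list (CoNum's real scoring rules are not on this page), and records the event in SQLite. It assumes a Watchdog handler would call check() on each modification event; the constructed demo() calls it directly on a temporary authorized_keys file.

```python
import difflib
import hashlib
import sqlite3
import tempfile
from pathlib import Path

# Constructed keyword list for the 0-10 risk score (not CoNum's own rules).
RISK_KEYWORDS = ("ssh-rsa", "ssh-ed25519", "password", "curl", "base64", "eval")
def sha256_file(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def risk_score(added_lines):
    # Two points per keyword hit among the added lines, capped at 10.
    hits = sum(1 for line in added_lines for kw in RISK_KEYWORDS if kw in line.lower())
    return min(10, 2 * hits)

class IntegrityMonitor:
    def __init__(self, db_path=":memory:"):
        self.db = sqlite3.connect(db_path)
        self.db.execute("PRAGMA journal_mode=WAL")  # crash-safe on disk; ignored for :memory:
        self.db.execute("CREATE TABLE IF NOT EXISTS events (path TEXT, old_hash TEXT, new_hash TEXT, risk INTEGER, diff TEXT)")
        self.baseline = {}  # path -> (hash, lines) captured when monitoring started

    def add(self, path):
        self.baseline[path] = (sha256_file(path), path.read_text().splitlines())

    def check(self, path):
        # Called on a filesystem event; returns an event record, or None if the hash is unchanged.
        old_hash, old_lines = self.baseline[path]
        new_hash = sha256_file(path)
        if new_hash == old_hash:
            return None
        new_lines = path.read_text().splitlines()
        diff = list(difflib.unified_diff(old_lines, new_lines, lineterm="", n=0))
        added = [l[1:] for l in diff if l.startswith("+") and not l.startswith("+++")]
        risk = risk_score(added)
        self.db.execute("INSERT INTO events VALUES (?,?,?,?,?)", (str(path), old_hash, new_hash, risk, "\n".join(diff)))
        self.db.commit()
        self.baseline[path] = (new_hash, new_lines)  # changed content becomes the new baseline
        return {"path": str(path), "risk": risk, "added": added, "diff": diff}
def demo():
    # Constructed scenario: a monitored authorized_keys file gains a second key.
    with tempfile.TemporaryDirectory() as d:
        keys = Path(d) / "authorized_keys"
        keys.write_text("ssh-ed25519 AAAAC3Nz...example admin@host\n")
        mon = IntegrityMonitor()
        mon.add(keys)
        keys.write_text(keys.read_text() + "ssh-rsa AAAAB3Nz...example intruder@unknown\n")
        event = mon.check(keys)
        return event, mon.db.execute("SELECT COUNT(*) FROM events").fetchone()[0]
```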



Why It’s Different

  • Code-focused (not OS files like Tripwire/OSSEC)
  • 2-second detection (not minutes)
  • 5-minute setup (not days)
  • Free/$249 (not $5,000+/year)



Real-World Use Cases

Detect SSH backdoors – Monitor authorized_keys for unauthorized access

Track config changes – Alert on .env, nginx.conf, database configs

Compliance auditing – Generate reports for SOC 2, ISO 27001, PCI-DSS

Incident response – Know exactly what files changed during a breach and how they were changed

Deployment verification – Ensure scripts weren’t tampered with




Quick Comparison

Feature      CoNum        Tripwire       OSSEC     Git Hooks
Price        Free/$249    $5,000+/year   Free      Free
Setup        5 min        Days           Hours     Minutes
Detection    2 sec        Minutes        Minutes   Commit-only
SIEM
Dashboard



Installation

git clone https://github.com/pkdev23/conum.git
cd conum
pip install -r requirements.txt
python conum_rack.py

That’s it. No Docker, no complex configs, no external databases.




Tech Stack

  • Python 3.11+ with Watchdog for filesystem events
  • SHA-256 hashing for integrity verification
  • SQLite with WAL for crash-safe storage
  • Tkinter GUI for native macOS/Windows interface
  • SMTP for email alerts with PDF reports

Platforms: macOS, Windows




Get Started

Free Version: Monitor up to 4 files

Pro Version: 16 files, SIEM export, risk scoring ($249)

👉 Full details, screenshots, and source code:

https://github.com/pkdev23/conum

GitHub Issues: https://github.com/pkdev23/conum/issues

Email: pk_dev@gmx.at


If this sounds useful, please ⭐ star the repo on GitHub!
