umutcamliyurt/IntegrityGuard
GitHub: umutcamliyurt/IntegrityGuard
一款支持 YubiKey 双因素认证的文件完整性监控工具,通过加密哈希校验来检测关键文件是否被篡改。
Stars: 9 | Forks: 0
# IntegrityGuard
## 一款用于监控重要文件完整性的高度安全工具
## 描述:
该工具通过对所选目录及其子目录中的文件进行哈希处理并安全地存储文件数据,来检查文件的完整性。它会监控任何更改或修改,识别文件中任何未经授权的篡改或损坏。这对于关键系统文件、配置文件、操作系统的 bootloader 或敏感文档特别有用。如果攻击者试图修改设备上的系统文件或数据(例如,植入恶意软件或后门),这些更改将在完整性检查期间被检测到。建议从 live USB([Tails OS](https://tails.net))运行此工具。
## 功能:
- 对所选目录及其子目录中的所有文件进行校验和计算
- 支持 YubiKey 用于 2FA
- 使用从密码 + YubiKey challenge-response 派生的加密 key 加密校验和以供存储
- 使用加密的校验和文件扫描目录中的更改
- 它可以通过监控系统 ``` /boot ``` partition 的完整性来检测 [evil maid attacks](https://www.kicksecure.com/wiki/AEM#Introduction)
- 它可以检查整个 SSD/HDD 的完整性以发现更改
## 技术细节:
- 使用 AES-256-GCM 进行加密
- YubiKey HMAC-SHA1 challenge-response
- 使用 1MB chunks 进行 SHA-512 哈希处理
- 使用 1 个 thread、64MB 内存和 4 次迭代进行 Argon2id key derivation
## 安装说明:
### 选项 1:
从 releases 中[下载](https://github.com/umutcamliyurt/IntegrityGuard/releases)
### 选项 2:
运行以下命令:
```
$ go install -v github.com/umutcamliyurt/IntegrityGuard@latest
```
## 用法:
### 选项:
```
Usage of ./IntegrityGuard:
-check
Check integrity of the selected directory
-dir string
The directory to hash and monitor for integrity
-password string
Encryption password for checksum storage (if omitted, you will be prompted for hidden input)
-verbose
Enable verbose output
-yubikey
Require a YubiKey (HMAC-SHA1 challenge-response) as a second factor in addition to the password
-yubikey-slot int
YubiKey challenge-response slot to use (1 or 2) (default 2)
```
### 生成目录的校验和:
```
./IntegrityGuard -yubikey -dir Documents
Enter password:
Confirm password:
[========================================] 2698/2698
Waiting for YubiKey response (touch the device now if it requires confirmation)...
Hashes stored in /home/user/Documents.hashes.enc
This database now requires the same YubiKey (slot 2) to verify integrity.
Keep a backup YubiKey configured with the same secret in case this one is lost or destroyed.
```
### 检查目录的完整性:
#### 通过:
```
./IntegrityGuard -yubikey -dir Documents -check
Enter password:
Waiting for YubiKey response (touch the device now if it requires confirmation)...
[========================================] 2698/2698
Integrity check successful. All files are verified. ✔️
```
#### 失败:
```
./IntegrityGuard -yubikey -dir Documents -check
Enter password:
Waiting for YubiKey response (touch the device now if it requires confirmation)...
[========================================] 2698/2698
Integrity check failed for: Customer_Database_Export.pdf
New file detected: test Legal/Contracts/Agreement.txt
Deleted file detected: Research/Security_Analysis/latest.doc
Integrity check failed. Some files are missing or have been modified. ❌
```
## 许可证
基于 MIT License 分发。查看 `LICENSE` 了解更多信息。
## 一款用于监控重要文件完整性的高度安全工具
## 描述:
该工具通过对所选目录及其子目录中的文件进行哈希处理并安全地存储文件数据,来检查文件的完整性。它会监控任何更改或修改,识别文件中任何未经授权的篡改或损坏。这对于关键系统文件、配置文件、操作系统的 bootloader 或敏感文档特别有用。如果攻击者试图修改设备上的系统文件或数据(例如,植入恶意软件或后门),这些更改将在完整性检查期间被检测到。建议从 live USB([Tails OS](https://tails.net))运行此工具。
## 功能:
- 对所选目录及其子目录中的所有文件进行校验和计算
- 支持 YubiKey 用于 2FA
- 使用从密码 + YubiKey challenge-response 派生的加密 key 加密校验和以供存储
- 使用加密的校验和文件扫描目录中的更改
- 它可以通过监控系统 ``` /boot ``` partition 的完整性来检测 [evil maid attacks](https://www.kicksecure.com/wiki/AEM#Introduction)
- 它可以检查整个 SSD/HDD 的完整性以发现更改
## 技术细节:
- 使用 AES-256-GCM 进行加密
- YubiKey HMAC-SHA1 challenge-response
- 使用 1MB chunks 进行 SHA-512 哈希处理
- 使用 1 个 thread、64MB 内存和 4 次迭代进行 Argon2id key derivation
## 安装说明:
### 选项 1:
从 releases 中[下载](https://github.com/umutcamliyurt/IntegrityGuard/releases)
### 选项 2:
运行以下命令:
```
$ go install -v github.com/umutcamliyurt/IntegrityGuard@latest
```
## 用法:
### 选项:
```
Usage of ./IntegrityGuard:
-check
Check integrity of the selected directory
-dir string
The directory to hash and monitor for integrity
-password string
Encryption password for checksum storage (if omitted, you will be prompted for hidden input)
-verbose
Enable verbose output
-yubikey
Require a YubiKey (HMAC-SHA1 challenge-response) as a second factor in addition to the password
-yubikey-slot int
YubiKey challenge-response slot to use (1 or 2) (default 2)
```
### 生成目录的校验和:
```
./IntegrityGuard -yubikey -dir Documents
Enter password:
Confirm password:
[========================================] 2698/2698
Waiting for YubiKey response (touch the device now if it requires confirmation)...
Hashes stored in /home/user/Documents.hashes.enc
This database now requires the same YubiKey (slot 2) to verify integrity.
Keep a backup YubiKey configured with the same secret in case this one is lost or destroyed.
```
### 检查目录的完整性:
#### 通过:
```
./IntegrityGuard -yubikey -dir Documents -check
Enter password:
Waiting for YubiKey response (touch the device now if it requires confirmation)...
[========================================] 2698/2698
Integrity check successful. All files are verified. ✔️
```
#### 失败:
```
./IntegrityGuard -yubikey -dir Documents -check
Enter password:
Waiting for YubiKey response (touch the device now if it requires confirmation)...
[========================================] 2698/2698
Integrity check failed for: Customer_Database_Export.pdf
New file detected: test Legal/Contracts/Agreement.txt
Deleted file detected: Research/Security_Analysis/latest.doc
Integrity check failed. Some files are missing or have been modified. ❌
```
## 许可证
基于 MIT License 分发。查看 `LICENSE` 了解更多信息。标签:EVTX分析, Golang, YubiKey认证, 加密工具, 安全编程, 日志审计, 防篡改