Does any one know of a (preferably free) windows utility that recursively hashes all the files in a directory tree every x minutes and sends a notification if any files have changed.
I want to have a tool to notify me by email when any of the code files on a web server changes in order to know when the site has been hacked or compromised with malicious code.
You are asking for a file integrity monitor (FIM), but since you are interested only on the files from your web site, you can probably do it remotely.
1-For FIM locally on the box, I would suggest OSSEC. It runs natively on Windows and allows centralized configuration (if you need that).
2-For FIM remotely (or Network-based Integrity Monitoring), I would suggest NBIM, which is freely available at: http://sucuri.net (note that I am the developer of this tool, so take my opinion with a grain of salt).
The best option, I believe would be a remote FIM, since the chances of it getting compromised are smaller than an internal integrity database and it also detects external violations (like someone altering DNS records to redirect your site somewhere else).
Here is a pretty good list for a starting point in this area
http://www.windowsecurity.com/software/File-integrity-checkers/
Check out OSSEC. It does what your looking for and more.
This is a solution with
Cygwin
installed withmd5sum
andfind
utility.First, get the list of files from the base directory.
Then, compute the MD5 checksum to a file.
Now, you can check whenever you want with,
or,
That just gives a status value at the end -- 0 for match and 1 for mismatch, that can be checked immediately after the command with,
You can use the windows 'at' command or cygwin to schedule this as regularly as you want.
Just remember to update files.txt when you have new files created in the directory. While missing files will be listed, new files will not be checked at all.
Website watcher can remotely monitor your site and can notify you via email of page changes. Website Watcher Personally I'd spend more time/effort on making sure you have proper off site backups so you can restore files if there is a problem.