Announcing a File-Based Integrity Checker


#1

I’m happy to announnce the initial release of a file-based integrity checker written in Rust that I’ve been developing in my free time. If anyone here has feedback on the tool, please let me know.

Why a file-based integrity checker?

Suppose you use Dropbox or a similar sync tool. In theory, these tools are supposed to follow an implicit contract that they don’t modify any of your files behind your back. However, in practice there is nothing to stop them from doing so, aside from your trust in the developers and their development processes. As we all know, in real life software has bugs, no matter how good your process is.

For that matter, this can happen on any live filesystem. Even with a nice setup with ZFS and ECC RAM, or similar, your filesystem can’t be expected to know the difference between the user’s normal access patterns and a program going rogue and scribbling bad data over a bunch of files. In general, the longer you keep a filesystem running, the higher the chance you may have inadvertently done something bad and not noticed. It would be nice to have at least some level of protection against this.

Checking a static filesystem is easy. You keep a database of file checksums, and then you can validate the contents of the filesystem match the database.

Live filesystems don’t play so nice. Files may have been edited through the course of normal operation, so you can’t simply throw an error on any change whatsoever. In general the user is the only one who knows what a “normal” change is. Therefore the goal is to show a helpful summary of changes made, and flag changes that seem especially suspicious. Then it’s up to the user to decide what to investigate in more depth.

Ok, what exactly does it do?

The tool has two basic functions.

Given a directory, the tool generates a database of metadata (such as checksums and statistics about file contents).

Given two databases (or a database and a directory), the tool summarizes the differences (files added, removed, changed, and any suspicious changes).

Current status

The 0.1 release is a reasonably feature-complete proof-of-concept. The checks for suspicious changes are not that sophisticated at the moment, but are sufficient to catch some real, historical (and since fixed) Dropbox bugs. More checks could be integrated in the future to provide more extensive protection.

Installation and Usage

See the project page for installation and usage instructions, and other information.