Osiris is a Host Integrity Monitoring System that periodically monitors one or more hosts for change. It keeps detailed logs of changes to the file system, user and group lists, resident kernel modules, and more. To use Osiris you need the management daemon, osirismd, running; the osiris console client connects to it.
First we need to create Osiris certificate file using openssl, with this command:
openssl req -new -x509 -extensions v3_ca -keyout \
private/cakey.pem -out osiris_root.pem -days 365
Before running it, create the directories “certs” and “private” inside the hidden folder /.osiris and run the command from there; /.osiris is also where osiris_root.pem will end up. Note that private/cakey.pem is the CA private key, so keep that directory readable only by the account that runs osirismd, and remember that -days 365 means the certificate has to be reissued after a year.
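The certificate step above, as an added shell example that is not part of the original post or of the Osiris project: it builds the certs/ and private/ layout, runs the same openssl command non-interactively, and then checks the result the way you would before trusting it (self-signed, flagged as a CA, key matches the certificate, currently valid). OSIRIS_DIR stands in for the /.osiris directory from the post and defaults to a throwaway directory so the script can run anywhere; the subject name and the 2048-bit RSA key are assumptions.

```shell
#!/bin/sh
# Added example, not Osiris project code. Creates the Osiris root CA
# certificate as described in the post and verifies it.
# Assumption: OSIRIS_DIR plays the role of /.osiris; defaults to a temp dir.
set -eu

OSIRIS_DIR="${OSIRIS_DIR:-$(mktemp -d)}"

# Create the directory layout the post asks for, then generate the CA.
# $1 = target directory, $2 = validity in days (post uses 365).
make_osiris_ca() {
    dir="$1"
    days="${2:-365}"
    mkdir -p "$dir/certs" "$dir/private"
    chmod 700 "$dir/private"
    # Same command as the post, made scriptable with -subj and -nodes
    # (drop -nodes if you want the CA key passphrase-protected).
    ( cd "$dir" && openssl req -new -x509 -extensions v3_ca \
        -newkey rsa:2048 -nodes -subj "/CN=Osiris Root CA" \
        -keyout private/cakey.pem -out osiris_root.pem -days "$days" 2>/dev/null )
    chmod 600 "$dir/private/cakey.pem"
}

# Sanity checks before handing the certificate to osirismd:
# CA flag set, self-signature verifies, not expired, key matches the cert.
# Returns 0 when everything checks out, 1 otherwise.
verify_osiris_ca() {
    dir="$1"
    cert="$dir/osiris_root.pem"
    key="$dir/private/cakey.pem"
    [ -f "$cert" ] && [ -f "$key" ] || return 1
    openssl x509 -in "$cert" -noout -text | grep -q "CA:TRUE" || return 1
    openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1 || return 1
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null || return 1
    [ "$(openssl x509 -in "$cert" -noout -pubkey)" = \
      "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] || return 1
    return 0
}

make_osiris_ca "$OSIRIS_DIR" 365
verify_osiris_ca "$OSIRIS_DIR" && echo "osiris_root.pem OK in $OSIRIS_DIR"
```

Run it with OSIRIS_DIR=/.osiris (as the user that will run osirismd) to reproduce the post's layout; the key-match check is the one that catches a cakey.pem that was regenerated or copied from another host without reissuing the certificate.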
After that you can connect to osirismd by simply typing osiris on the console. Log in as the user admin, which has no password by default (set one as soon as you are in):
You can create a new host by typing “new-host”, which starts a series of questions; accept the defaults or customize the answers to your liking:
You can then initialize the host and start the scanning process:
To verify the baseline database, type list-db local (local is the name of my database):
For more information about Osiris visit the website: http://osiris.shmoo.com/
Also check out the Osiris mass deployment howto by linuxsecurity.com:
It is also interesting to see how Osiris fares against other file integrity checkers: