DEV Community

pkdev23

Detecting File Changes in 2-3 Seconds: Python File Integrity Monitoring

I built CoNum, an open-source file integrity monitor that detects unauthorized changes in 2-3 seconds and generates forensic-grade reports.

GitHub: https://github.com/pkdev23/conum


The Problem

Traditional file monitoring tools fall short in at least one of these ways:

  • Too expensive (Tripwire: $5,000+/year)
  • Too slow (polling-based tools take minutes)
  • Too complex (OSSEC takes days to configure)
  • Too limited (Git hooks only work on commits)

I needed something that detects critical file changes instantly - for production configs, SSH keys, deployment scripts, and .env files.


CoNum in 30 Seconds

What It Does

  • 2-3 second detection using filesystem events (not polling)
  • 🔔 Email alerts with PDF reports showing line-by-line changes
  • 🛡️ Risk scoring (0-10) based on keywords and patterns
  • 💾 Local SQLite database for complete audit trail
  • 📤 SIEM-ready export (JSONL, CEF, CSV formats)
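
Two items in that list, the keyword risk score and the SIEM export, are worth seeing in working code. The block below is an added example, not CoNum's implementation: the scoring rules, their point values, the path weights and the ExampleFIM vendor/product strings in the CEF header are all assumptions of this example, and SAMPLE_EVENT is a constructed change record. CEF's severity field is also an integer from 0 to 10, so the score maps onto it directly. Shipping events off the host this way matters for another reason as well: an audit database that lives on the monitored machine can be edited by whoever edited the files.

```python
"""Added example (not CoNum's code): keyword-based risk scoring of a change
record, then export of the record as JSONL and CEF for a SIEM."""
import json
import re
from pathlib import Path

# (pattern tried against each changed diff line, points, label).  The rules,
# points and thresholds are this example's assumptions, not CoNum's.
RULES = [
    (re.compile(r"^\+.*\bssh-(rsa|ed25519|ecdsa|dss)\b"), 6, "ssh public key added"),
    (re.compile(r"^\+.*\b(curl|wget)\b.*\|\s*(ba)?sh\b"), 7, "download piped to shell"),
    (re.compile(r"^\+.*\bbase64\s+(-d|--decode)\b"), 5, "base64 decode added"),
    (re.compile(r"^\+.*(PASSWORD|SECRET|TOKEN|API_KEY)\w*\s*=", re.I), 3, "credential value changed"),
    (re.compile(r"^-"), 1, "lines removed"),
]
# Sensitive file names raise the score regardless of content (assumed weights).
PATH_WEIGHT = {"authorized_keys": 3, "sudoers": 4, ".env": 2, "nginx.conf": 1}


def changed_lines(diff):
    """Yield the +/- lines of a unified diff, skipping its ---/+++ file headers."""
    for line in diff.splitlines():
        if line[:1] in ("+", "-") and not line.startswith(("+++ ", "--- ")):
            yield line


def risk_score(event):
    """Return (score clamped to 0-10, matched labels); each rule counts once."""
    labels = []
    score = PATH_WEIGHT.get(Path(event["path"]).name, 0)
    lines = list(changed_lines(event["diff"]))
    for pattern, points, label in RULES:
        if any(pattern.search(line) for line in lines):
            score += points
            labels.append(label)
    if event["kind"] == "deleted":
        score += 2
        labels.append("file deleted")
    return min(score, 10), labels


def _cef_header(value):
    # Header fields: escape backslash and the pipe that delimits fields.
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def _cef_ext(value):
    # Extension values: escape backslash, '=' and line breaks.
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def to_cef(event, vendor="ExampleFIM", product="monitor", version="0.1"):
    """CEF:0|Vendor|Product|Version|SignatureID|Name|Severity|Extension.
    CEF severity is an integer 0-10, so the risk score is used directly."""
    score, labels = risk_score(event)
    name = "file " + event["kind"] + (": " + ", ".join(labels) if labels else "")
    header = "|".join(_cef_header(x) for x in (
        "CEF:0", vendor, product, version, "fim-" + event["kind"], name, score))
    ext = {
        "rt": int(event["ts"] * 1000),      # receipt time in epoch milliseconds
        "filePath": event["path"],
        "fname": Path(event["path"]).name,
        "oldFileHash": event["old_sha256"] or "",
        "fileHash": event["new_sha256"] or "",
        "act": event["kind"],
        "msg": event["diff"],
    }
    return header + "|" + " ".join(f"{k}={_cef_ext(v)}" for k, v in ext.items())


def to_jsonl(event):
    """One JSON object per line; json.dumps escapes the newlines inside the diff."""
    score, labels = risk_score(event)
    return json.dumps({**event, "risk_score": score, "risk_labels": labels}, sort_keys=True)


# Constructed sample change record in the shape a monitor would emit after
# re-hashing a file (hashes and key material are placeholders).
SAMPLE_EVENT = {
    "ts": 1700000000.0,
    "path": "/home/deploy/.ssh/authorized_keys",
    "kind": "modified",
    "old_sha256": "a" * 64,
    "new_sha256": "b" * 64,
    "diff": "\n".join([
        "--- /home/deploy/.ssh/authorized_keys",
        "+++ /home/deploy/.ssh/authorized_keys",
        "@@ -1 +1,2 @@",
        " ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKnownKeyForDemo deploy@ci",
        "+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIUnknownKeyForDemo nobody@unknown",
    ]),
}

if __name__ == "__main__":
    print(to_jsonl(SAMPLE_EVENT))
    print(to_cef(SAMPLE_EVENT))
```

Run it directly to print the JSONL and CEF lines for SAMPLE_EVENT. Each rule fires at most once per event, so a file with twenty new keys scores the same as one with a single unknown key; if that distinction matters, count matches instead of testing for any.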

How It Works

  1. Monitor critical files with Watchdog (filesystem events)
  2. Calculate SHA-256 hashes for tamper detection
  3. Store changes in SQLite with forensic details
  4. Alert immediately via email with detailed reports
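
The four steps above as an added example, not CoNum's own code. Watchdog is left out so the block runs offline with nothing installed; in a real monitor a watchdog FileSystemEventHandler's on_modified method would call Monitor.check(event.src_path), which is an assumption about the wiring, not taken from the project. The scenario in demo() and its key strings are constructed. Two things the steps leave implicit: the baseline taken at startup catches changes made while the monitor was down, which filesystem events alone miss, and the content is hashed rather than trusting mtime, which touch -r can reset.

```python
"""Added example (not CoNum's code): the hash / store / diff core of a file
integrity monitor.  An explicit check() call stands in for Watchdog events."""
import difflib
import hashlib
import os
import sqlite3
import tempfile
import time
from pathlib import Path

SCHEMA = """
CREATE TABLE IF NOT EXISTS baseline (path TEXT PRIMARY KEY, sha256 TEXT NOT NULL,
                                     size INTEGER, mtime REAL);
CREATE TABLE IF NOT EXISTS events (id INTEGER PRIMARY KEY AUTOINCREMENT, ts REAL NOT NULL,
    path TEXT NOT NULL, kind TEXT NOT NULL, old_sha256 TEXT, new_sha256 TEXT, diff TEXT);
"""


def sha256_file(path, chunk=1 << 16):
    """Stream the file so a large target is never loaded whole into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


class Monitor:
    def __init__(self, db_path, paths):
        self.conn = sqlite3.connect(db_path)
        # WAL + synchronous=FULL: a crash mid-write cannot corrupt the audit
        # trail, and every committed event is fsync'd to disk.
        self.conn.execute("PRAGMA journal_mode=WAL")
        self.conn.execute("PRAGMA synchronous=FULL")
        self.conn.executescript(SCHEMA)
        self.paths = [str(Path(p)) for p in paths]
        # Previous contents stay in memory only, so secrets in .env files or
        # key material are never copied into the audit database.
        self._text = {}

    @staticmethod
    def _lines(path):
        return Path(path).read_text(errors="replace").splitlines()

    def _record_baseline(self, path, digest):
        st = os.stat(path)
        self.conn.execute("INSERT OR REPLACE INTO baseline VALUES (?, ?, ?, ?)",
                          (path, digest, st.st_size, st.st_mtime))

    def baseline(self):
        """Hash every watched file.  Run at startup: this also catches edits
        made while the monitor was not running, which events alone cannot."""
        for p in self.paths:
            self._record_baseline(p, sha256_file(p))
            self._text[p] = self._lines(p)
        self.conn.commit()

    def check(self, path):
        """Re-hash one file; record and return an event if it changed, else None."""
        path = str(Path(path))
        row = self.conn.execute("SELECT sha256 FROM baseline WHERE path = ?",
                                (path,)).fetchone()
        old = row[0] if row else None
        # Hash the content instead of trusting mtime, which `touch -r` can forge.
        new = sha256_file(path) if os.path.exists(path) else None
        if new == old:
            return None
        kind = "deleted" if new is None else ("modified" if old else "created")
        new_lines = self._lines(path) if new else []
        diff = "\n".join(difflib.unified_diff(
            self._text.get(path, []), new_lines, path, path, lineterm=""))
        event = {"ts": time.time(), "path": path, "kind": kind,
                 "old_sha256": old, "new_sha256": new, "diff": diff}
        self.conn.execute(
            "INSERT INTO events (ts, path, kind, old_sha256, new_sha256, diff) "
            "VALUES (:ts, :path, :kind, :old_sha256, :new_sha256, :diff)", event)
        # Accept the new state so one change is reported once.  Whether that
        # should instead wait for an operator's approval is a policy choice.
        if new is None:
            self.conn.execute("DELETE FROM baseline WHERE path = ?", (path,))
        else:
            self._record_baseline(path, new)
        self._text[path] = new_lines
        self.conn.commit()
        return event

    def audit_trail(self):
        return self.conn.execute("SELECT path, kind, old_sha256, new_sha256, diff "
                                 "FROM events ORDER BY id").fetchall()


def demo():
    """Constructed scenario: baseline an authorized_keys file, append a key,
    then delete the file.  Returns the recorded (path, kind, old, new, diff) rows."""
    with tempfile.TemporaryDirectory() as d:
        keys = Path(d) / "authorized_keys"
        keys.write_text("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKnownKeyForDemo deploy@ci\n")
        mon = Monitor(os.path.join(d, "fim.db"), [keys])
        mon.baseline()
        assert mon.check(keys) is None            # unchanged file: no event
        with keys.open("a") as f:
            f.write("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIUnknownKeyForDemo nobody@unknown\n")
        mon.check(keys)                           # "modified" event
        keys.unlink()
        mon.check(keys)                           # "deleted" event
        rows = mon.audit_trail()
        mon.conn.close()
        return rows
```

demo() returns the audit rows: one modified event whose diff shows the appended key as a + line, then one deleted event with both keys as - lines and no new hash. Re-checking an unchanged file returns None, so editors and build tools that touch files without changing their bytes produce no records.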

Why It’s Different

  • Focused on application files such as configs, scripts and keys, rather than the OS files Tripwire and OSSEC target
  • 2-3 second detection (not minutes)
  • 5-minute setup (not days)
  • Free/$249 (not $5,000+/year)

Real-World Use Cases

Detect SSH backdoors - Monitor authorized_keys for keys you did not add

Track config changes - Alert on .env, nginx.conf, database configs

Compliance auditing - Generate reports for SOC 2, ISO 27001, PCI-DSS

Incident response - Know exactly which files changed during a breach and how

Deployment verification - Ensure scripts weren't tampered with


Quick Comparison

Feature      CoNum         Tripwire       OSSEC      Git Hooks
Price        Free/$249     $5,000+/year   Free       Free
Setup        5 min         Days           Hours      Minutes
Detection    2-3 sec       Minutes        Minutes    Commit-only
SIEM
Dashboard

Installation

git clone https://github.com/pkdev23/conum.git
cd conum
pip install -r requirements.txt
python conum_rack.py

That’s it. No Docker, no complex configs, no external databases.


Tech Stack

  • Python 3.11+ with Watchdog for filesystem events
  • SHA-256 hashing for integrity verification
  • SQLite with WAL for crash-safe storage
  • Tkinter GUI for native macOS/Windows interface
  • SMTP for email alerts with PDF reports

Platforms: macOS, Windows


Get Started

Free Version: Monitor up to 4 files

Pro Version: 16 files, SIEM export, risk scoring ($249)

👉 Full details, screenshots, and source code:

https://github.com/pkdev23/conum

GitHub Issues: https://github.com/pkdev23/conum/issues

Email: pk_dev@gmx.at


If this sounds useful, please ⭐ star the repo on GitHub!

Tags

#python #security #devops #opensource
