#hash #logging #config #send #file #config-file #authentication #logs

nightly app snitch

Intrusion detection and file integrity verification

2 releases

0.1.3 Jun 17, 2022
0.1.2 Jun 17, 2022
0.1.1 Jun 10, 2022

MIT license

620 lines

Snitch - Intrusion Notification


Snitch is a file integrity and authentication monitoring system.

  • Snitch calculates and stores hashes of files found by recursing user defined directory trees. If a file hash changes Snitch will send a warning to the user (via email or telegram) to notify about the modified file.

  • Snitch also watches authentication logs and sends a notification when user logs in.


This is work in progress that requires rust nightly features:

rustup default nightly

On a plain Ubuntu/Debian you also need to:

apt install gcc build-essential pkg-config libssl-dev


cargo install snitch

Note that access to root level folders and monitoring authentication logs usually requires an installation as root.


Run the initial scan

snitch --init

and trigger a scan to verify file integrity with

snitch --scan

To start watching authentication logs use:

snitch --watch


Snitch can be configured in etc/snitch/config.yaml. If that file does not exist you can run

snitch --demo-config > /etc/snitch/config.yaml

to create a template that should be fine on Ubuntu and Debian.

All files found under directories in that file will be integrity checked.

Notification Channels


Requires environment variables: TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID.


Requires environment variables: SLACK_WEBHOOK_URL and SLACK_CHANNEL.


Requires environment variables: SMTP_SERVER, SMTP_USER and SMTP_PASSWORD. Note, that storing email credentials on your system in clear text is a rather high risk once someone gained access. Thus, this should rather be used for development for now.


Ubuntu20.04 (~150.000 files) takes about one minute to hash on one virtual CPU using SHA265 hashing.


~884K SLoC