Implementation of file interpolation detection system

Abstract

Recently we have found a high possibility to encounter file interpolation and Web defacements by vicious crackers and software. It is not easy for us to find such interpolated files because of the numbers and volumes of files are great in computer systems. We need a good tool such as "Tripwire" for that purpose. However, such a system is only for system administrators and not for users. It is also difficult for administrators to set up the configuration file to do the suitable file check. We implemented the file interpolation detection system for both administrators and users. The system detects insertion, deletion, and modification (interpolation) of files. Both administrators and users can check the files concerned to themselves and get the result. Users can update the file specification information in the database by command, then it makes the system possible to avoid finding of the error interpolation. The system can be periodically executed by CRON or on demand by users, and then compares the value of MD5 for each file to detect file interpolation. The system has the command line interface and Web interface. The system first creates the database that contains full path file name, last update time, and values of MD5 according to the information set-upped by users that specifies the location to check for each user. It judges the insertion and deletion of files by the existence and no existence of records in the database. It also judges the file interpolation by the comparison with the value of MD5 for every file. It reports the result by e-mail, in command line interface, or in Web interface.