This content originally appeared on DEV Community and was authored by pkdev23
Detecting File Changes in 2-3 Seconds: Python File Integrity Monitoring
I built CoNum - an open-source file integrity monitor that detects unauthorized changes in 2 - 3 seconds and generates forensic-grade reports.
GitHub: https://github.com/pkdev23/conum
The Problem
Traditional file monitoring solutions are either:
- Too expensive (Tripwire: $5,000+/year)
- Too slow (polling-based tools take minutes)
- Too complex (OSSEC takes days to configure)
- Too limited (Git hooks only work on commits)
I needed something that detects critical file changes instantly - for production configs, SSH keys, deployment scripts, and .env files.
CoNum in 30 Seconds
What It Does
- ⚡ 2-3 seconds detection using filesystem events (not polling)
- 🔔 Email alerts with PDF reports showing line-by-line changes
- 🛡️ Risk scoring (0-10) based on keywords and patterns
- 💾 Local SQLite database for complete audit trail
- 📤 SIEM-ready export (JSONL, CEF, CSV formats)
How It Works
- Monitor critical files with Watchdog (filesystem events)
- Calculate SHA-256 hashes for tamper detection
- Store changes in SQLite with forensic details
- Alert immediately via email with detailed reports
Why It’s Different
- Code-focused (not OS files like Tripwire/OSSEC)
- 2-second detection (not minutes)
- 5-minute setup (not days)
- Free/$249 (not $5,000+/year)
Real-World Use Cases
✅ Detect SSH backdoors - Monitor authorized_keys for unauthorized access
✅ Track config changes - Alert on .env, nginx.conf, database configs
✅ Compliance auditing - Generate reports for SOC 2, ISO 27001, PCI-DSS
✅ Incident response - Know exactly what files changed during a breach and how they were changed
✅ Deployment verification - Ensure scripts weren’t tampered with
Quick Comparison
| Feature | CoNum | Tripwire | OSSEC | Git Hooks |
|---|---|---|---|---|
| Price | Free/$249 | $5,000+/year | Free | Free |
| Setup | 5 min | Days | Hours | Minutes |
| Detection | 2 sec | Minutes | Minutes | Commit-only |
| SIEM | ✅ | ✅ | ✅ | ❌ |
| Dashboard | ✅ | ❌ | ❌ | ❌ |
Installation
git clone https://github.com/pkdev23/conum.git
cd conum
pip install -r requirements.txt
python conum_rack.py
That’s it. No Docker, no complex configs, no external databases.
Tech Stack
- Python 3.11+ with Watchdog for filesystem events
- SHA-256 hashing for integrity verification
- SQLite with WAL for crash-safe storage
- Tkinter GUI for native macOS/Windows interface
- SMTP for email alerts with PDF reports
Platforms: macOS, Windows
Get Started
Free Version: Monitor up to 4 files
Pro Version: 16 files, SIEM export, risk scoring ($249)
👉 Full details, screenshots, and source code:
https://github.com/pkdev23/conum
GitHub Issues: https://github.com/pkdev23/conum/issues
Email: pk_dev@gmx.at
If this sounds useful, please ⭐ star the repo on GitHub!
Tags
python #security #devops #opensource
This content originally appeared on DEV Community and was authored by pkdev23
pkdev23 | Sciencx (2025-10-12T09:17:30+00:00) Detecting File Changes in 2 Seconds: Python File Integrity Monitoring. Retrieved from https://www.scien.cx/2025/10/12/detecting-file-changes-in-2-seconds-python-file-integrity-monitoring/
Please log in to upload a file.
There are no updates yet.
Click the Upload button above to add an update.