https://github.com/varppi/syscanary

Alerts you when things in your system change
https://github.com/varppi/syscanary

cyberse detection-en monitoring

Last synced: 10 months ago
JSON representation

Alerts you when things in your system change

• Host: GitHub
• URL: https://github.com/varppi/syscanary
• Owner: varppi
• License: gpl-3.0
• Created: 2025-05-15T14:52:12.000Z (about 1 year ago)
• Default Branch: main
• Last Pushed: 2025-08-09T07:17:34.000Z (10 months ago)
• Last Synced: 2025-08-09T08:51:22.273Z (10 months ago)
• Topics: cyberse, detection-en, monitoring
• Language: Go
• Homepage:
• Size: 37.1 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          




   

  

  



This is basically tripwire, but for your server. The idea is that you set up Syscanary to monitor changes in things that would indicate a system compromise or a malfunction so you can detect and mitigate the problem(s) early on.


## Features

Syscanary can currently monitor changes in:

- File system

- USB devices

- Internet connectivity

- Open ports (currently only Linux support)

## Installation

```bash

sudo apt update && sudo apt install golang  

go install github.com/Varppi/syscanary/cmd/syscanary

export PATH=$PATH:~/go/bin

```

## Usage

`syscanary`

## Configuration

Open syscanary.json and make your configurations:

```

{

    "loglevel": 1, <-- 0=debug 1=info 2=error

    "logfile": "alerts.log", <-- remove if you want to have console output 

    "detections": ["usb", "integrity", "ports", "internet"], <-- remove or add modules to enable or disable them

    "modules": { <-- DO NOT REMOVE ANY MODULES FROM HERE AND DON'T LEAVE SETTINGS EMPTY!!!

        "integrity": {

            "interval": 1, <-- how many seconds it will wait before checking again

            "paths": ["/var/log"]

        },

        "usb": {

            "interval": 1

        },

        "ports": {

            "interval": 1,

            "ignorelocal": true <-- doesn't alert when local binds change

        },

        "internet": {

            "interval": 1,

            "domain": "example.com" <-- domain to test the connectivity on

        }

    }

}

```

Config without comments:

```json

{

    "loglevel": 1,

    "detections": ["usb", "integrity", "ports", "internet"],

    "modules": {

        "integrity": {

            "interval": 1,

            "paths": ["/var/log"]

        },

        "usb": {

            "interval": 1

        },

        "ports": {

            "interval": 1,

            "ignorelocal": true

        },

        "internet": {

            "interval": 1,

            "domain": "example.com"

        }

    }

}

```