1.17. Integrity Checking Manually
Problem
You can’t use Tripwire for administrative or political reasons, but you want to snapshot your files for later comparison. You don’t have enough disk space to mirror your files.
Solution
Run a script like the following that stores pertinent information about each file of interest, such as checksum, inode number, and timestamp:
#!/bin/sh
# Print one tab-separated line per file argument: name, inode, MD5 checksum, mtime.
for file
do
    # Modification time, taken from the "Modify:" line of stat's output
    date=`/usr/bin/stat "$file" | /bin/grep '^Modify:' | /usr/bin/cut -f2- -d' '`
    # MD5 checksum of the file's contents
    sum=`/usr/bin/md5sum "$file" | /usr/bin/awk '{print $1}'`
    # Inode number
    inode=`/bin/ls -id "$file" | /usr/bin/awk '{print $1}'`
    /bin/echo -e "$file\t$inode\t$sum\t$date"
done
Store this script as /usr/local/bin/idfile (for example). Use find to run this script on your important files, creating a snapshot. Store it on read-only media. Periodically create a new snapshot and compare the two with diff.
This is not a production-quality integrity checker. It doesn’t track file ownership or permissions. It checks only ordinary files, not directories, device special files, or symbolic links. Its tools (md5sum, stat, etc.) are not protected against tampering.
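The comparison step can also be done with a small classifier instead of raw diff output. The following is an added example, not part of the original recipe; the function names, status labels and sample snapshot values are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original recipe): classify the differences
# between two idfile snapshots instead of reading raw diff output.
# Line format, as written by idfile: path<TAB>inode<TAB>md5<TAB>mtime
# Assumes no tab or newline characters in file names.

compare_snapshots() {   # usage: compare_snapshots OLD NEW
    awk -F '\t' '
        side == "old" { inode[$1] = $2; sum[$1] = $3; mtime[$1] = $4; next }
        {
            seen[$1] = 1
            if (!($1 in sum))          print "ADDED\t" $1      # new path
            else if ($3 != sum[$1])    print "CONTENT\t" $1    # checksum differs
            else if ($2 != inode[$1])  print "REPLACED\t" $1   # same bytes, new inode
            else if ($4 != mtime[$1])  print "TOUCHED\t" $1    # only mtime differs
        }
        END { for (f in sum) if (!(f in seen)) print "REMOVED\t" f }
    ' side=old "$1" side=new "$2" | LC_ALL=C sort
}

# Constructed sample data: the arch and ash lines reuse values from the
# recipe's snapshot excerpt; every other path, inode, checksum and date is made up.
write_sample_snapshots() {   # usage: write_sample_snapshots DIR
    printf '%s\t%s\t%s\t%s\n' \
        /bin/arch 2222 7ba4330c353be9dd527e7eb46d27f923 'Wed Aug 30 17:54:25 2000' \
        /bin/ash  2194 cef0493419ea32a7e26eceff8e5dfa90 'Wed Aug 30 17:40:11 2000' \
        /bin/cat  2301 11111111111111111111111111111111 'Wed Aug 30 17:41:00 2000' \
        /bin/date 2302 22222222222222222222222222222222 'Wed Aug 30 17:42:00 2000' \
        /bin/ed   2303 33333333333333333333333333333333 'Wed Aug 30 17:43:00 2000' \
        > "$1/old"
    printf '%s\t%s\t%s\t%s\n' \
        /bin/arch    2222 7ba4330c353be9dd527e7eb46d27f923 'Wed Aug 30 17:54:25 2000' \
        /bin/ash     2194 44444444444444444444444444444444 'Mon Sep  4 03:10:00 2000' \
        /bin/cat     9001 11111111111111111111111111111111 'Wed Aug 30 17:41:00 2000' \
        /bin/date    2302 22222222222222222222222222222222 'Mon Sep  4 03:11:00 2000' \
        /bin/newfile 9002 55555555555555555555555555555555 'Mon Sep  4 03:12:00 2000' \
        > "$1/new"
}

tmp=$(mktemp -d) || exit 1
write_sample_snapshots "$tmp"
compare_snapshots "$tmp/old" "$tmp/new"
rm -rf "$tmp"
```

A CONTENT line means the file's bytes changed, while REPLACED and TOUCHED show changes that leave the checksum intact, which is why the recipe records the inode and timestamp as well.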
Discussion
Run the idfile script to create a snapshot file:
# find /dir -xdev -type f -print0 | \
  xargs -0 -r /usr/local/bin/idfile > /tmp/my_snapshot
This creates a snapshot file, basically a poor man’s Tripwire database.
/bin/arch   2222   7ba4330c353be9dd527e7eb46d27f923   Wed Aug 30 17:54:25 2000
/bin/ash    2194   cef0493419ea32a7e26eceff8e5dfa90   Wed Aug 30 17:40:11 2000
/bin/awk    2171   b5915e362f1a33b7ede6d7965a4611e4   ...