integrit howto

usage:
      integrit -C conffile [-x] [-u] [-c]
      integrit -V
      integrit -h

options:
      -C    specify configuration file
      -x    use XML output instead of human-readable output
      -u    do update: create current state database
      -c    do check: verify current state against known db
      -V    show integrit version and exit
      -h    show this help

Briefly, the idea is to do this periodically:

  * generate a new current-state database while checking against an old
    known-state database that has been protected from modification (e.g.
    by putting it on read-only media or on a secure server), mailing the
    output to a remote machine (or more)

  * read the report, perhaps using UN*X or XML tools to massage it into
    a form to your liking

  * if the report looks fine, copy the new database to a secure server
    for export via read-only NFS, or a secure medium that can be made
    read-only (saving the old one in case something goes wrong)

  * IMPORTANT: verify that the current md5sum of the database you just
    copied over matches the MD5 checksum in the report. (This shows that
    no one has tampered with the database since the report and the new
    database were generated.)

  * everything's OK, so the new database will be the known-state
    database the next time you repeat this process.
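
The checksum verification from the IMPORTANT step, as an added shell example that is not part of integrit or of the original howto. It assumes the saved report contains the new database's MD5 digest as 32 hex digits; the function names, file names and the report line used in the self-test are made up for illustration.

```shell
#!/bin/sh
# Added example (not part of integrit). Assumption: the mailed report
# contains the new database's MD5 digest as 32 hex digits.

# db_md5 FILE: print the lowercase hex MD5 digest of FILE.
db_md5() {
    md5sum "$1" 2>/dev/null | awk '{ print tolower($1) }'
}

# verify_copied_db REPORT DB
#   0 = DB's digest appears in REPORT, 1 = mismatch, 2 = cannot check
verify_copied_db() {
    report=$1
    db=$2
    if [ ! -r "$report" ] || [ ! -r "$db" ]; then
        echo "cannot read report or database" >&2
        return 2
    fi
    sum=$(db_md5 "$db")
    [ "${#sum}" -eq 32 ] || { echo "could not hash $db" >&2; return 2; }
    # Whole-word match, case-insensitive, so a longer hex string that merely
    # contains the digest does not count as a match.
    if tr 'A-F' 'a-f' < "$report" | grep -qw -- "$sum"; then
        echo "OK: $db matches the checksum in $report"
        return 0
    fi
    echo "MISMATCH: $db ($sum) is not the database the report describes" >&2
    return 1
}

# selftest: run the check on constructed files (hypothetical names).
selftest() {
    dir=$(mktemp -d) || return 2
    printf 'constructed database contents\n' > "$dir/current.cdb"
    # Constructed report line, not real integrit output.
    printf 'report: db checksum %s\n' "$(db_md5 "$dir/current.cdb")" > "$dir/report.txt"
    ok=0; verify_copied_db "$dir/report.txt" "$dir/current.cdb" >/dev/null || ok=$?
    printf 'tampered\n' >> "$dir/current.cdb"   # modified after the report was made
    bad=0; verify_copied_db "$dir/report.txt" "$dir/current.cdb" 2>/dev/null || bad=$?
    rm -rf "$dir"
    [ "$ok" -eq 0 ] && [ "$bad" -eq 1 ]
}

# Usage: sh verify_db.sh REPORT DATABASE
if [ "$#" -eq 2 ]; then verify_copied_db "$1" "$2"; fi
```

Run it against the copy on the secure server or medium, not the file left on the monitored host, and use the report as it arrived on the remote machine.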