Jake Abendroth

Argus

A directory checksum/monitoring tool built in Rust that recursively scans directories and calculates SHA-256 checksums.

View on GitHub
Rust
SHA-256
File Integrity
Cybersecurity

Status

Active Development

Started

2024

Last Updated

2024

Primary Language

Rust

Overview

Argus is a simple file integrity checker built in Rust. It recursively scans a given directory, calculates the SHA-256 checksum for each file, and stores the results in a file. It supports output in NDJSON (Newline Delimited JSON) format.

Problem Statement

File integrity monitoring is crucial for security, but many existing tools are resource-intensive or lack the flexibility needed for different environments. There was a need for a lightweight, efficient solution that could process large numbers of files quickly.

Solution

Argus addresses these challenges by implementing an efficient, recursive file monitoring system in Rust that can process files quickly. It uses SHA-256 checksums to detect even the smallest unauthorized modifications to files.

Key Implementation

Directory Scanning Implementation

This function recursively scans a directory and calculates checksums for each file.

rust
fn scan_directory(path: &Path) -> Result<Vec<FileRecord>, Error> {
    let mut records = Vec::new();
    
    for entry in fs::read_dir(path)? {
        let entry = entry?;
        let path = entry.path();
        
        if path.is_dir() {
            // Recursively scan subdirectories
            let mut sub_records = scan_directory(&path)?;
            records.append(&mut sub_records);
        } else {
            // Process file
            let record = FileRecord::new(path)?;
            records.push(record);
        }
    }
    
    Ok(records)
}

Checksum Calculation

This function calculates the SHA-256 checksum for a given file.

rust
fn calculate_checksum(path: &Path) -> Result<[u8; 32], Error> {
    let mut file = File::open(path)?;
    let mut hasher = Sha256::new();
    let mut buffer = [0; 8192]; // 8KB buffer for efficient reading
    
    loop {
        let bytes_read = file.read(&mut buffer)?;
        if bytes_read == 0 {
            break;
        }
        hasher.update(&buffer[..bytes_read]);
    }
    
    Ok(hasher.finalize().into())
}

Challenges & Learnings

Developing Argus presented several challenges, including optimizing the recursive directory traversal, implementing efficient checksum calculation and comparison, and designing a user-friendly command-line interface. The most significant challenge was balancing performance with comprehensive monitoring capabilities.

Future Improvements

  • Checking against old checksums for changes (WIP)
  • Implement real-time alerting via email or messaging services
  • Add support for different hashing algorithms
  • Develop a configuration file system for easier setup
  • Create a web interface for monitoring and alerts