FileAudit is a lightweight file integrity sidecar for filesystem or shared-drive workflows. It watches an outbox/inbox pair, produces a JSON manifest (SHA-256 + size), ships payloads, and writes receipts after verification. It supports optional HMAC signing and distroless containers with hardened defaults.
- Outbox mode: create manifest + ship payload/manifest + create
.ready+ ack receipts. - Inbox mode: optional auto-manifest + verify manifest + emit receipt.
- Optional HMAC signature on manifests (shared secret) for authenticity.
- Works on local folders, network shares, or mounted buckets.
/outbox
/inbox
/receipts
/logs
/scripts
sudo ./scripts/test_flow.sh
This builds the images and runs a one-shot outbox + inbox pass, verifying:
- payload
- manifest
- receipt
- logs
docker compose up --build
Common env vars (also available as flags):
OUTBOX_DIR,INBOX_DIR,RECEIPTS_DIRPOLL_SEC(polling interval)STABLE_SEC(seconds a file must be unchanged before.readyis created)REQUIRE_READY(0/1)INOTIFY(0/1, Linux only)LOG_DIRorLOG_FILEPAYLOAD_NAME,PAYLOAD_BYTESINBOX_AUTOMANIFEST(0/1)MANIFEST_HMAC_KEY(shared secret for signing/verifying)ONCE(0/1)
Example HMAC run:
MANIFEST_HMAC_KEY=supersecret docker compose up --build
./file_audit --mode outbox --outbox ./outbox --inbox ./inbox --receipts-out ./receipts
./file_audit --mode inbox --inbox ./inbox --receipts-out ./receipts
One-shot mode:
./file_audit --mode outbox --once 1
./file_audit --mode inbox --once 1
- Distroless runtime images
- Non-root user
- Read-only root filesystem
- All Linux caps dropped
no-new-privilegesenabled
Logs are written to:
logs/outbox.loglogs/inbox.log
You can hash logs at end-of-day with:
./scripts/hash_logs.sh