Integrit is an alternative to file integrity verification programs like Tripwire and Aide. It helps you determine whether an intruder has modified a computer system.
Without a system like integrit, a sysadmin can't know whether the tools he/she uses to investigate a potential break-in are trojan horses or not. For example, if the machine has a "/tmp/. " directory containing a shell that's setuid root, and you want to investigate to determine how badly the cracker has compromised the machine, how do you know that the attacker hasn't replaced your "find" and "ls" commands with tampered versions that fail to report the cracker's files?
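The baseline-and-compare idea behind this kind of tool, as an added Python example (not integrit's own code, configuration, or database format). The function names `snapshot`, `compare` and `demo` are hypothetical, and the toy directory tree is constructed in a temporary directory to mirror the scenario above.

```python
import hashlib, os, stat, tempfile

def snapshot(root):
    """Map each regular file under root to (sha256 hex, permission bits)."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks and special files are out of scope here
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            db[os.path.relpath(path, root)] = (digest, stat.S_IMODE(st.st_mode))
    return db

def compare(known, current):
    """Return sorted (path, finding) pairs for every difference found."""
    findings = []
    for path in sorted(set(known) | set(current)):
        if path not in known:
            tag = "new, setuid" if current[path][1] & stat.S_ISUID else "new"
            findings.append((path, tag))
        elif path not in current:
            findings.append((path, "missing"))
        elif known[path][0] != current[path][0]:
            findings.append((path, "content changed"))
        elif known[path][1] != current[path][1]:
            findings.append((path, "mode changed"))
    return findings

def demo():
    """Constructed scenario: baseline a toy tree, alter it, then compare."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        for tool in ("ls", "find"):
            with open(os.path.join(root, "bin", tool), "wb") as fh:
                fh.write(b"original " + tool.encode())
        known = snapshot(root)  # baseline, taken while the tree is trusted
        with open(os.path.join(root, "bin", "ls"), "wb") as fh:
            fh.write(b"tampered ls")  # stands in for a replaced binary
        hidden = os.path.join(root, "tmp", ". ")
        os.makedirs(hidden)
        shell = os.path.join(hidden, "sh")
        open(shell, "wb").close()  # empty placeholder file
        os.chmod(shell, 0o4755)  # setuid bit on a file we own; no root needed
        return compare(known, snapshot(root))

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The comparison is only trustworthy if the baseline and the checker are kept where an intruder on the monitored machine cannot rewrite them, such as read-only media or another host.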