Lynx FIM: A Cybersecurity Learning Project

Lynx FIM is a host-based intrusion detection agent (HIDS) I built to understand the fundamentals of file integrity monitoring and real-time system alerting in Go.

This repository contains the full source code and a detailed documentation site.


📖 Documentation Site

I have created a comprehensive documentation site using Hugo. You can access it locally:

  1. Navigate to site/ and run hugo server -D.
  2. Visit http://localhost:1313/.

Browse Docs on GitHub:


🧪 Quick Test: The Isolated Lab

If you want to see Lynx FIM in action without affecting your system, follow this temporary process:

# 1. Prepare Workspace (run from the project root)
mkdir -p /tmp/lynx-lab
make build && cp bin/lynx /tmp/lynx-lab/
cd /tmp/lynx-lab

# 2. Create Dummy Data
mkdir watched_dirs && echo "secret info" > watched_dirs/top_secret.txt

# 3. Initialize and Configure
./lynx init
sed -i 's|/etc/ssh|./watched_dirs|g' config.yaml

# 4. Set Secret and Baseline
export LYNX_HMAC_SECRET="lab-secret-123"
./lynx baseline -o lab_baseline.json

# 5. Start Monitoring (blocks terminal)
./lynx start -b lab_baseline.json

In a second terminal:

echo "tampered!" >> /tmp/lynx-lab/watched_dirs/top_secret.txt

You will see the critical alert immediately in Terminal 1.

[Screenshot: real-time Lynx FIM webhook notifications in a Discord channel]