Lynx FIM: A Host-Based Intrusion Detection Agent
Welcome to the project site for Lynx FIM, a lightweight host-based intrusion detection agent built in Go. This is where I’m documenting my research, design decisions, and progress as I learn about cybersecurity and real-time system monitoring.
🛡️ Project Overview
Lynx FIM monitors critical system files for unauthorized changes. By establishing a cryptographic “baseline” and then listening for kernel-level file events, the agent can immediately detect and alert on an unauthorized change.
🗺️ Documentation Map
I’ve organized the documentation to serve two different purposes:
🚀 Usage Guide
Learn how to install, configure, and run Lynx on your own servers.
- Installation & Setup: Binary builds and configuration.
- Command Reference: Detailed syntax for all CLI commands.
- Isolated Lab Testing: Experimental single-directory testing guide.
💻 Development & Research
Deep dive into the architecture, the learning journey, and how I built the tool.
- Technical Specifications: Go, Cryptography, and Kernel events.
- Implementation Story: My milestones and lessons learned during Summer 2025.
- Performance Analysis: Benchmark results and efficiency research.
- Proof of Concept: Seeing Lynx in action with actual log outputs.
Note: This project is part of a 2-month intensive learning cycle from June to August 2025. I’m focusing on building a “best practice” implementation to understand core security concepts.