File Integrity Management Overview

File integrity management (FIM) monitors key files on Linux servers in real time; records file addition, modification, and deletion; and reports alarms, helping you detect suspicious changes in a timely manner.

File Integrity Monitoring Principles

HSS checks for suspicious changes by comparing the previous and current statuses of a file.

File Integrity Monitoring Scope

Some file monitoring paths are preconfigured in HSS. For details, see Table 1.

To add or remove monitored files, you can modify parameters in the File Integrity area in the File Protection policy. For details, see Configuring Policies.

Table 1 Default file monitoring paths

Type

File Path

bin

  • /bin/ls

  • /bin/ps

  • /bin/bash

  • /bin/login

usr

  • /usr/bin/ls

  • /usr/bin/ps

  • /usr/bin/bash

  • /usr/bin/login

  • /usr/bin/passwd

  • /usr/bin/top

  • /usr/bin/killall

  • /usr/bin/ssh

  • /usr/bin/wget

  • /usr/bin/curl

Constraints and Limitations

File integrity management applies only to Linux servers.

last updated: 2024-12-20 12:17 UTC - commit: b388aa84bdc22cbf164091ddd381853374abb2d1