File Integrity Monitoring Overview

What Is File Integrity Monitoring?

File integrity monitoring (FIM) monitors key files on Linux servers in real time; records file addition, modification, and deletion; and reports alarms, helping you detect suspicious changes in a timely manner.

File Integrity Monitoring Principles

HSS checks for suspicious changes by comparing the previous and current statuses of a file.

File Integrity Monitoring Scope

Some file monitoring paths are preset on HSS. For details about the file monitoring paths, see Table 1.

To add or remove monitored files, modify the settings of File Integrity and Important File Directory Change in the File Protection policy. For details, see Configuring Policies.

**Table 1** Default paths for file integrity checks
Type	File Path
bin	/bin/ls /bin/ps /bin/bash /bin/login
usr	/usr/bin/ls /usr/bin/ps /usr/bin/bash /usr/bin/login /usr/bin/passwd /usr/bin/top /usr/bin/killall /usr/bin/ssh /usr/bin/wget /usr/bin/curl

Constraints

File integrity management is available in HSS professional, enterprise, premium, WTP, and container editions. For details about how to purchase and upgrade HSS, see Purchasing an HSS Quota and Upgrading a Protection Quota.
File integrity management applies only to Linux servers.

Parent Topic: File Integrity Monitoring

Previous topic: File Integrity Monitoring

Next topic: Viewing File Change Records