File Integrity Management Overview

File integrity monitoring (FIM) monitors key files on Linux servers in real time; records file addition, modification, and deletion; and reports alarms, helping you detect suspicious changes in a timely manner.

File Integrity Monitoring Principles

HSS checks for suspicious changes by comparing the previous and current statuses of a file.

File Integrity Monitoring Scope

Some file monitoring paths are preconfigured in HSS. For details, see Table 1.

To add or remove monitored files, you can modify parameters in the File Integrity area in the File Protection policy. For details, see Configuring Policies.

**Table 1** Default file monitoring paths
Type	File Path
bin	/bin/ls /bin/ps /bin/bash /bin/login
usr	/usr/bin/ls /usr/bin/ps /usr/bin/bash /usr/bin/login /usr/bin/passwd /usr/bin/top /usr/bin/killall /usr/bin/ssh /usr/bin/wget /usr/bin/curl

Constraints

File integrity management is available in HSS professional, enterprise, premium, WTP, and container editions. For details about how to purchase and upgrade HSS, see Purchasing an HSS Quota and Upgrading a Protection Quota.
File integrity management applies only to Linux servers.

Parent Topic: File Integrity Monitoring

Previous topic: File Integrity Monitoring

Next topic: Viewing File Change Records