Introduction
The Linux file integrity monitor detects file modifications on Linux devices. This acts as a security control that raises alerts by monitoring modifications and preventing unauthorized changes.
The main purpose of the Linux file integrity check is to detect any unauthorized file modifications and to send timely alerts in the event of any modification. A Linux file integrity check can be added using Setup > Monitoring > Templates > Other Monitors.
Creating Linux file integrity check monitors
To create a Linux file Integrity Check monitor:
From All Clients, select a client.
Go to Setup > Monitoring > Templates.
From TEMPLATES, click +Add.
MONITOR TEMPLATE screen appears.From MONITOR TEMPLATE, provide the details for the following parameters and click Save:
- Select Template Scope: The partner template or client-specific template. For the client-specific template, select the client.
- Collector Type: The application type used to gather the information. Select the agent.
- Applicable for: The type of the application.
- Template Name: The name of the template.
- Description: The summary of the template.
- Generation: The generation that the template belongs to. For example: Generation 2.
- Tags: The user-defined tags used for enhanced filtering.
- Prerequisites: The essential prerequisites to consider while monitoring using a template. For a Windows template, as an example, check the SQL services while monitoring SQL parameters.
- Status: The active or end-of-life templates.
- Notes: Additional information to add to the template.
- Template Family Name: The category that applies to the application. Examples include: Windows server, storage server, and network server.
- Deployment Type: Select one of the following methods to apply the template to resources:
- Custom
- Optional
- Standard
After providing the template details, go to Other Monitors and click +Add.
The other monitors screen appears.From the options displayed in Monitor Type drop-down, select Linux File Integrity Check. The Linux file integrity check screen appears.
From Linux File Integrity Check, to provide additional detailed parameters.
Click Add and Remove to increase or decrease following settings- Frequency: The intervals used to monitor the files. The recommendation is 15 minutes.
- Alert: Select Alert to receive alerts in the event of any match.
- Priority: The priority of the alert.
- Name: The unique identifier for the file.
- File Name: The absolute path of the file.
After adding a template with Linux file integrity check, assign the template to a device to start monitoring.
Managing Linux file integrity checks
Linux file integrity check monitor details can be viewed and modified when added to a template. Perform the following actions to manage the file integrity monitor:
- Edit: Click the template name displayed on the templates screen to modify the monitor details.
- View: View the monitor details in the templates screen. Click the arrow next to the template name to view the Linux file integrity monitor added to the current template.
Linux file integrity check alerts
Critical and OK
alerts are sent while monitoring the files. View the alerts in the Alert browser. Examine the alert description to verify the last modified time.