YogeshChauhan.com

File System Integrity: How to Keep an Eye on File and Folder Changes

in Misc on February 2, 2020

File System Integrity

File integrity monitoring is an internal control or process that validates the integrity of operating system and application software files by comparing the current file state against a known, good baseline.

This comparison often involves calculating a cryptographic checksum of the file's original baseline and comparing it with the checksum calculated from the current state of the file.

We can centrally track all changes to specific files and folders, such as when they are created, accessed, viewed, deleted, modified, renamed and much more. We can even receive real-time alert notifications when changes occur to files and folders.

A snapshot of the file system in a trusted state is taken as the baseline, and deviations from the baseline indicate intrusion.

Checksums or cryptographic hashes of the files are also taken, and a change in a checksum or hash reveals that a file was altered.

A checksum is a sequence of numbers and letters used to check data for errors. If you know the checksum of an original file, you can use a checksum utility to confirm your copy is identical.

Typical algorithms used to generate checksums include MD5, SHA-1, SHA-256, and SHA-512. Each algorithm uses a cryptographic hash function that takes an input and produces a string (a sequence of numbers and letters) of a fixed length. The input file can be a small 1 MB file or a massive 10 GB file, but the checksum will be of the same fixed length. Checksums are also known as hash values or hashes. You'll see a big difference in the checksum even if the change to a file or folder is small.

We create a baseline file so that we can compare it with the changed files later on. But what if the attacker changes the baseline file? We can't let that happen.

We need to hide the contents of the baseline file, which is called data masking or data obfuscation. That is the process of hiding original data with modified content.

The idea is to store the contents in a binary format rather than plain text. We can also store the baseline as a read-only file to prevent anyone from altering its content. We can also require the admin's password whenever anyone wants to alter the baseline contents.
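
The baseline-and-compare process described above, as an added example (not code from the original post): it hashes every file under a folder with SHA-256, saves the result as a read-only baseline, and later reports created, deleted and modified files. The function names, the JSON baseline format and the sample files in `demo()` are assumptions constructed for illustration.

```python
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hash in 1 MiB chunks so a very large file never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(root):
    """Map every regular file under root (relative path) to its SHA-256 hex digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file() and not p.is_symlink()}

def save_baseline(root, baseline_path):
    """Record the trusted state, then mark the baseline file read-only."""
    Path(baseline_path).write_text(json.dumps(snapshot(root), indent=2))
    os.chmod(baseline_path, stat.S_IRUSR)

def compare(root, baseline_path):
    """Report files created, deleted or modified since the baseline was taken."""
    old = json.loads(Path(baseline_path).read_text())
    new = snapshot(root)
    return {"created": sorted(new.keys() - old.keys()),
            "deleted": sorted(old.keys() - new.keys()),
            "modified": sorted(k for k in old.keys() & new.keys() if old[k] != new[k])}

def demo():
    """Constructed sample: baseline a small tree, change it, return the report."""
    with tempfile.TemporaryDirectory() as work:
        root = Path(work, "watched")
        root.mkdir()
        (root / "app.conf").write_text("port=8080\n")
        (root / "old.log").write_text("boot ok\n")
        baseline = Path(work, "baseline.json")  # kept outside the watched tree
        save_baseline(root, baseline)
        (root / "app.conf").write_text("port=8081\n")  # one-character change
        (root / "old.log").unlink()
        (root / "new.bin").write_bytes(b"\x00")
        report = compare(root, baseline)
        os.chmod(baseline, stat.S_IRUSR | stat.S_IWUSR)  # let temp cleanup delete it
        return report
```

The read-only bit can be cleared by the file's owner or an administrator, so the baseline is best kept somewhere the monitored account cannot write.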

