Yogesh Chauhan's Blog

File System Integrity: How to Keep an Eye on Your Files and Folder Change?

in Miscellaneous on February 2, 2020

File System Integrity

File integrity (monitoring) is an internal control or process that performs the act of validating the integrity of operating system and application software files using a verification method between the current file state and a known, good baseline.

This comparison method often involves calculating a known cryptographic checksum of the file's original baseline and comparing with the calculated checksum of the current state of the file.

We can centrally track all changes happening to specific files and folders such as when some files and folders are created, accessed, viewed, deleted, modified, renamed and much more. We can even have real time alert notification upon changes occurring to files and folders.

A snapshot of file system in trusted state taken for baseline and deviations from baseline indicate intrusion.

Checksum or Cryptographic hashes of files also taken and change in checksum or hash detect file alteration.

A checksum is a sequence of numbers and letters used to check data for errors. If you know the checksum of an original file, you can use a checksum utility to confirm your copy is identical.

Typical algorithms used to generate checksum include MD5, SHA-1, SHA-256, and SHA-512. The algorithm uses a cryptographic hash function that takes an input and produces a string (a sequence of numbers and letters) of a fixed length. The input file can be a small 1 MB file or a massive 10 GB file, but the checksum will be of the same fixed length. They are known as hash values or hashes as well. You’ll see big difference in checksum even if the change in any file or folder is small.

We create baseline file so that we can compare it with the changed files later on. But what if the attacker changes the baseline files? We can’t let that happen.

We need to hide those contents of baseline file which is called data masking or data obfuscation. That is the process of hiding original data with modified content. 

The idea is to store the contents in a binary rather than plain text. We can also store the baseline file as read only file so that it will prevent anyone to alter the content. Also, we can make it necessary to enter admin’s passwords whenever anyone wants to alter the baseline contents.

Most Read

#1 Solution to the error “Visual Studio Code can’t be opened because Apple cannot check it for malicious software” #2 How to add Read More Read Less Button using JavaScript? #3 How to check if radio button is checked or not using JavaScript? #4 Solution to “TypeError: ‘x’ is not iterable” in Angular 9 #5 PHP Login System using PDO Part 1: Create User Registration Page #6 How to uninstall Cocoapods from the Mac OS?

Recently Posted

#Apr 8 JSON.stringify() in JavaScript #Apr 7 Middleware in NextJS #Jan 17 4 advanced ways to search Colleague #Jan 16 Colleague UI Basics: The Search Area #Jan 16 Colleague UI Basics: The Context Area #Jan 16 Colleague UI Basics: Accessing the user interface
You might also like these
How to remove trailing characters from a string using JavaScript?JavaScriptLearn to create profile card using HTML and CSSCSS5 Steps to Create a Line using Canvas Tag in HTML5HTMLHow to create a Recent Posts function in WordPress?WordPressHigher Order Functions in JavaScript with ExamplesJavaScriptSteps to Install Microsoft SQL Server on a MacOSSQL/MySQL