Yogesh Chauhan's Blog

File System Integrity: How to Keep an Eye on Your Files and Folder Change?

in Miscellaneous on February 2, 2020

File System Integrity

File integrity monitoring is an internal control or process that validates the integrity of operating system and application software files by comparing the current state of each file against a known, good baseline.

This comparison often involves calculating a cryptographic checksum of the file's original baseline and comparing it with the checksum calculated from the file's current state.

We can centrally track all changes to specific files and folders, such as when files and folders are created, accessed, viewed, deleted, modified, renamed and much more. We can even receive real-time alert notifications when files and folders change.

A snapshot of the file system taken in a trusted state serves as the baseline, and deviations from the baseline indicate intrusion.

Checksums or cryptographic hashes of the files are also taken, and a change in a checksum or hash reveals that a file was altered.

A checksum is a sequence of numbers and letters used to check data for errors. If you know the checksum of an original file, you can use a checksum utility to confirm your copy is identical.

Typical algorithms used to generate checksums include MD5, SHA-1, SHA-256, and SHA-512. The algorithm uses a cryptographic hash function that takes an input and produces a string (a sequence of numbers and letters) of a fixed length. The input file can be a small 1 MB file or a massive 10 GB file, but the checksum will be of the same fixed length. Checksums are also known as hash values or hashes. You'll see a big difference in the checksum even if the change in a file or folder is small.

We create a baseline file so that we can compare it with the changed files later on. But what if the attacker changes the baseline file? We can't let that happen.

We need to hide the contents of the baseline file, which is called data masking or data obfuscation: the process of hiding original data with modified content.

The idea is to store the contents in binary rather than plain text. We can also store the baseline file as a read-only file, which prevents anyone from altering its content. We can also require the admin's password whenever anyone wants to alter the baseline contents.
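The baseline-and-compare workflow described above, as an added example that is not code from the original post. It uses SHA-256 and, instead of the binary or read-only storage the post suggests, seals the baseline with a keyed HMAC so that an edited baseline is detected; that HMAC step, all function names, the key and the sample files are assumptions made for illustration.

```python
import hashlib, hmac, json, os, tempfile
from pathlib import Path

def hash_file(path, chunk=65536):
    # Read in chunks so a 10 GB file needs no more memory than a 1 MB one.
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(root):
    # Map each file path (relative to root) to its SHA-256 digest.
    return {os.path.relpath(os.path.join(d, n), root): hash_file(os.path.join(d, n))
            for d, _dirs, names in os.walk(root) for n in names}

def seal(snap, key):
    # Serialize the baseline and prefix an HMAC tag computed with a secret key.
    body = json.dumps(snap, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest().encode() + b"\n" + body

def unseal(blob, key):
    # Refuse to use a baseline whose tag no longer matches its contents.
    tag, body = blob.split(b"\n", 1)
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("baseline file was altered")
    return json.loads(body)

def compare(baseline, current):
    # Deviations from the baseline: new files, missing files, changed hashes.
    return {"added": sorted(current.keys() - baseline.keys()),
            "removed": sorted(baseline.keys() - current.keys()),
            "modified": sorted(p for p in baseline.keys() & current.keys()
                               if baseline[p] != current[p])}

def demo():
    # Constructed sample tree and key; keep a real key off the monitored host.
    key = b"constructed-demo-key"
    with tempfile.TemporaryDirectory() as root:
        Path(root, "a.conf").write_bytes(b"port=22\n")
        Path(root, "b.bin").write_bytes(b"\x00\x01")
        sealed = seal(snapshot(root), key)              # trusted-state baseline
        Path(root, "a.conf").write_bytes(b"port=23\n")  # one-character change
        Path(root, "b.bin").unlink()
        Path(root, "new.sh").write_bytes(b"#!/bin/sh\n")
        return compare(unseal(sealed, key), snapshot(root))

if __name__ == "__main__":
    print(demo())
```

A read-only flag alone does not stop someone with write access to the directory from replacing the baseline, whereas the HMAC check fails unless the replacement was made with the key.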

