FIM
Definition
File Integrity Monitoring (FIM) is a security technology that involves monitoring and detecting changes to files, including system files, application files, and configuration files. It is used to ensure that unauthorized modifications, which could indicate a security breach or malicious activity, are quickly identified and addressed. FIM is a critical component of a comprehensive security strategy, helping to maintain the integrity and security of systems by alerting administrators to potential threats.
Secure Settings Example
# Example configuration for a FIM tool like OSSEC
directories:
- path: /etc
recurse: true
frequency: 3600
alert: true
report_changes: true
checksum: md5,sha256
- path: /var/www
recurse: true
frequency: 3600
alert: true
report_changes: true
checksum: md5,sha256
Insecure Settings Example
# Example of a misconfigured FIM setup
directories:
- path: /etc
recurse: false
frequency: 86400
alert: false
report_changes: false
checksum: md5
- path: /var/www
recurse: false
frequency: 86400
alert: false
report_changes: false
checksum: md5