[SANS ISC] Backup Scripts, the FIM of the Poor

I published the following diary on isc.sans.org: “Backup Scripts, the FIM of the Poor”.

File Integrity Management or “FIM” is an interesting security control that can help to detect unusual changes in a file system. For example, a server has directories that do not change often. In a UNIX environment:

  • Binaries & libraries in /usr/lib, /usr/bin, /bin, /sbin, /usr/local/bin, …
  • Configuration files in /etc
  • Device files in /dev
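
A minimal hash-baseline version of the control described above, as an added example: it is not code from the original diary and not the backup-script approach the title refers to. It assumes GNU coreutils `sha256sum`; the function names `fim_snapshot` and `fim_diff` and the script name `fim.sh` are hypothetical.

```sh
#!/bin/sh
# Added example: hash-baseline file integrity check for rarely-changing directories.
# fim_snapshot and fim_diff are hypothetical names; requires GNU sha256sum.

# fim_snapshot DIR...: print "<sha256>  <path>" for every regular file, sorted by path.
# Device nodes (e.g. under /dev) are not regular files, so -type f skips them.
fim_snapshot() {
    find "$@" -xdev -type f -exec sha256sum {} + | LC_ALL=C sort -k2
}

# fim_diff BASELINE CURRENT: list ADDED/REMOVED/MODIFIED paths.
# Returns 0 when nothing changed, 1 when at least one difference was found.
fim_diff() {
    changes=$(awk '
        # sha256sum lines are 64 hex chars, two separator chars, then the path,
        # so fixed offsets keep paths containing spaces intact.
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { base[path] = hash; next }
        { seen[path] = 1
          if (!(path in base))          print "ADDED " path
          else if (base[path] != hash)  print "MODIFIED " path }
        END { for (p in base) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2" | LC_ALL=C sort -k2)
    [ -z "$changes" ] && return 0
    printf '%s\n' "$changes"
    return 1
}

# Usage:
#   fim.sh snapshot /etc /usr/bin /sbin > baseline.txt
#   fim.sh check baseline.txt /etc /usr/bin /sbin
case "${1:-}" in
    snapshot) shift; fim_snapshot "$@" ;;
    check)    shift; baseline=$1; shift
              current=$(mktemp) || exit 2
              fim_snapshot "$@" > "$current"
              fim_diff "$baseline" "$current"; rc=$?
              rm -f "$current"; exit "$rc" ;;
esac
```

Keep the baseline somewhere the monitored host cannot write to (read-only media or another machine), since anyone able to alter these files could otherwise alter the baseline too.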


[The post [SANS ISC] Backup Scripts, the FIM of the Poor was first published on /dev/random]

Article Link: https://blog.rootshell.be/2017/07/12/sans-isc-backup-scripts-fim-poor/