Mac® Security Bible

by Joe Kissell
January 2010
Beginner to intermediate
936 pages
27h 45m
English
Wiley
Content preview from Mac® Security Bible

Chapter 23. Monitoring File Integrity

IN THIS CHAPTER

Learning why you should be aware of when your files change

Monitoring file integrity with Tripwire

Understanding the basics of Radmind and Samhain

Using Baseline or Sonar to determine what files have changed

Certain files on your computer — word-processing documents, spreadsheets, logs, caches, preference files, and so on — change pretty much every time you use them, and that's completely normal. However, some files should never change unless you explicitly install an update. That includes most of the components of Mac OS X itself, along with the majority of third-party applications. If these important, low-level files are changing without your active involvement, it may be a sign that malware is at work or that a network intruder is modifying your system behind your back.

File integrity monitoring (sometimes referred to as host integrity monitoring) simply means watching for unexpected file changes. If you watch the right files using the right tools, you can receive an appropriate warning when suspicious file modifications take place, enabling you to take immediate corrective action. As a bonus, these same techniques enable you to know with complete certainty exactly what components are copied to your hard disk when you install new software. If you've ever wondered where some mysterious file came from or worried that a program might have installed spyware or other nasty stuff behind your back, you can use the information in this ...

ISBN: 9780470474198