File Integrity and Log File Checkers

File Integrity and Log File Checkers

File integrity and log file checking agents are a form of HIDS that focus on the operating systems binary files and the log files normally produced by OS-based security mechanisms such as login logs. File integrity software systems are best installed immediately after operating system installation. The software creates a local database and MD5 hashes of operating system binaries and configuration files. Should system binaries or other files change in any way, nightly processes that compare current hashes against original file hashes will detect the change and alert administrators.

Log file checkers run regularly as well and parse system and application logs to search for signature-based alerts. For instance, multiple failed logins on a server would typically be detected and reported by log-checking software.