Cool Halo Trick #11: Identify changes to SSH access key files

Problem: I need to be alerted if the file containing a user’s public SSH key is modified

Halo FIM can alert you if a change is made to a user’s SSH access key file. To do this, go to Policies > File Integrity Policies > Add New File Integrity Policy.

Give the policy a descriptive name and monitor the following files:


Save the policy and baseline against a gold master server image.

Here’s what the email alert will look like if a modification is made:

Stay up to date

Get the latest news and tips on protecting critical business assets.

Related Posts