Problem: I need to be alerted if the file containing a user’s public SSH key is modified
Halo FIM can alert you if a change is made to a user’s SSH access key file. To do this, go to Policies > File Integrity Policies > Add New File Integrity Policy.
Give the policy a descriptive name and monitor the following files:
Save the policy and baseline against a gold master server image.
Here’s what the email alert will look like if a modification is made: