
FIM Hack: You need to be notified when permission changes are made to sudo

Problem: You need to be notified when permission changes are made to sudo

File integrity monitoring (or “FIM”) permits you to identify when changes are made to your files. If you are concerned that a critical file may be inadvertently changed, or that an attacker may mess with certain files on your system, file integrity monitoring can help you spot these changes. Halo generates a cryptographic hash of each file, and then stores that hash on our grid. Later checks verify that the file continues to generate the same hash value.

(For an overview of Halo FIM, see our video, our user guide, or our guide for people who are familiar with file integrity monitoring.)

Monitor:
/etc/sudoers
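The baseline-and-recheck idea described above, applied to a sudoers file, as an added Python example (not Halo's code). Recording mode and ownership alongside the content hash is an assumption that goes beyond what the post describes, and the `snapshot`, `check` and `demo` names and the sample file contents are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile


def snapshot(path):
    """Record what a baseline scan would keep for one file."""
    st = os.lstat(path)  # lstat: a symlink swapped in for the file shows up in mode
    digest = hashlib.sha256()
    if stat.S_ISREG(st.st_mode):
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
    return {"sha256": digest.hexdigest(), "mode": oct(st.st_mode),
            "uid": st.st_uid, "gid": st.st_gid}


def check(path, baseline):
    """Return the sorted names of attributes that no longer match the baseline."""
    try:
        current = snapshot(path)
    except FileNotFoundError:
        return ["missing"]
    return sorted(k for k in baseline if baseline[k] != current[k])


def demo():
    """Baseline a constructed sudoers-like file, then change and delete it."""
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "sudoers")  # constructed stand-in for /etc/sudoers
        with open(target, "w") as fh:
            fh.write("root ALL=(ALL:ALL) ALL\n")
        os.chmod(target, 0o440)
        baseline = snapshot(target)
        unchanged = check(target, baseline)
        os.chmod(target, 0o640)  # lets a non-root user write; itself a mode change
        with open(target, "a") as fh:
            fh.write("alice ALL=(ALL) NOPASSWD: ALL\n")  # constructed rule
        changed = check(target, baseline)
        os.remove(target)
        return unchanged, changed, check(target, baseline)


if __name__ == "__main__":
    print(demo())
```

Reading the real /etc/sudoers requires root, and the baseline must be stored somewhere the monitored host cannot rewrite, which is the role the post gives to Halo's grid.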

When a change is made in /etc/sudoers and you’ve requested “Generate an Alert” in the FIM policy, you’ll receive an alert like this:
