FIM is a security practice that consists of verifying the integrity of operating system and application software files to determine whether tampering or fraud has occurred, by comparing them to a trusted "baseline". File Integrity Monitoring helps protect sensitive information from theft, loss, and malware, and it must provide sufficient insight and actionable intelligence. In this article, you will learn how to install FIM on CentOS 8. Visit Eldernode and find a perfect package to purchase your own CentOS VPS.
Tutorial Install FIM On CentOS 8
FIM is a security control that many organizations build their cybersecurity programs around, since it is a technology that monitors and detects changes in files that may indicate a cyberattack. The act of performing FIM is automated using internal controls such as an application or process. This monitoring can be performed randomly, at a defined polling interval, or in real time.
Learn Install FIM On CentOS
FIM alerts you to unauthorized changes and helps you protect your IT infrastructure. As a solution, FIM monitors file changes on servers, databases, network devices, directory servers, applications, cloud environments, and virtual images.
A strong FIM solution uses change intelligence to only notify you when needed. So, noise reduction is one of its brilliant features.
FIM allows you to meet many regulatory compliance standards such as PCI-DSS, NERC CIP, FISMA, SOX, NIST, and HIPAA, as well as best practice frameworks like the CIS security benchmarks.
How to Setup FIM using Osquery on Linux
Recently, you have read about Osquery. It is a multi-platform software that you can install on Linux, Windows, macOS, and FreeBSD. In the following, you will learn how to set up File Integrity Monitoring using Osquery. Let’s go through the steps of this guide to review the process of installation.
How to Install Osquery on Linux CentOS
Since Osquery provides its own repository for all supported platforms, you can install the Osquery packages from the official Osquery repository. First, add the Osquery GPG key to the system:
curl -L https://pkg.osquery.io/rpm/GPG | sudo tee /etc/pki/rpm-gpg/RPM-GPG-KEY-osquery
Now, add and enable the Osquery repository and install the package:
sudo yum-config-manager --add-repo https://pkg.osquery.io/rpm/osquery-s3-rpm.repo
sudo yum-config-manager --enable osquery-s3-rpm
sudo yum install osquery -y
You may see an error saying that the yum-config-manager command is not found:
yum-config-manager: command not found
In that case, install the 'yum-utils' package, which provides yum-config-manager, and rerun the commands above:
yum -y install yum-utils
How to enable Syslog Consumption in Osquery
Osquery can read or consume system logs: on Apple macOS it uses the Apple System Log (ASL), and on Linux it uses Syslog. You can enable Syslog consumption for Osquery through rsyslog. To install the rsyslog package, run the command below:
sudo yum install rsyslog -y
When the installation is complete, go to the '/etc/rsyslog.d' directory, create a new configuration file named Osquery.conf, and paste the following configuration into it:
template(
  name="OsqueryCsvFormat"
  type="string"
  string="%timestamp:::date-rfc3339,csv%,%hostname:::csv%,%syslogseverity:::csv%,%syslogfacility-text:::csv%,%syslogtag:::csv%,%msg:::csv%\n"
)
*.* action(type="ompipe" Pipe="/var/osquery/syslog_pipe" template="OsqueryCsvFormat")
Now, save the file and exit. The '*.*' selector sends every syslog message, formatted as CSV, into the named pipe that Osquery reads from.
How to test the File Integrity Monitoring
In this step, you can test the FIM packs by creating new files in the monitored directories 'home' and 'www'. To do this, go to the '/var/www/' directory and create a new file named 'eldernode.com.md'.
Then, go to the '/home/youruser/' directory and create a new file named 'hakase-labs.md'.
Now, you can check the monitoring output using Osquery's real-time interactive mode and the Osquery results log.
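The FIM pack that defines the 'home' and 'www' watch lists is not shown above. The following /etc/osquery/osquery.conf is an added example (not from the original article or the Osquery project) of how they would be defined: file_paths for /home and /var/www, a scheduled file_events query that records each change together with its SHA-256, and a syslog_events query that reads the rsyslog pipe configured earlier. The 300-second and 60-second intervals, the exclude pattern and the severity threshold are assumptions.

```json
{
  "options": {
    "config_plugin": "filesystem",
    "logger_plugin": "filesystem",
    "logger_path": "/var/log/osquery",
    "disable_events": "false",
    "enable_syslog": "true",
    "syslog_pipe_path": "/var/osquery/syslog_pipe"
  },
  "schedule": {
    "file_events": {
      "query": "SELECT target_path, category, action, sha256, time FROM file_events;",
      "interval": 300,
      "removed": false
    },
    "syslog_errors": {
      "query": "SELECT time, host, severity, tag, message FROM syslog_events WHERE severity <= 3;",
      "interval": 60
    }
  },
  "file_paths": {
    "home": ["/home/%%"],
    "www": ["/var/www/%%"]
  },
  "exclude_paths": {
    "home": ["/home/%/.cache/%%"]
  }
}
```

In Osquery path patterns, '%' matches one directory level and '%%' matches recursively. After restarting osqueryd, creating the two test files above produces rows with action CREATED in /var/log/osquery/osqueryd.results.log.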
In this article, you learned how to install FIM on CentOS 8, and how to set up and configure File Integrity Monitoring on a Linux server running CentOS using Osquery.