Advance

How To Install FIM On CentOS 8 [Complete]

How To Install FIM On CentOS 8

FIM is a security practice that consists of verifying the integrity of Operating Systems and application software file to determine if tampering or fraud has occurred by comparing them to a trusted ”baseline”. In fact, File Integrity Monitoring is able to protect sensitive information from theft, loss, and malware. It must provide sufficient insight and actionable intelligence. In this article, you will learn How To Install FIM On CentOS 8. Visit Eldernode and find a perfect package to purchase your own CentOS VPS.

Tutorial Install FIM On CentOS 8

FIM is a security control that many organizations build their cybersecurity programs around since is a technology that monitors and detects changes in files that may indicate a cyberattack. The act of performing FIM is automated using internal controls such as an application or process. This monitoring could be performed randomly and at a defined polling interval, or in real-time.

Learn Install FIM On CentOS

Recommended Article: How To Install FIM On CentOS 8 [Complete]

FIM Advantages

FIM alerts you to unauthorized changes and helps you to protect IT infrastructure. as a solution, FIM monitors file changes on servers, databases, network devices, directory servers, applications, cloud environment, and virtual images.

A strong FIM solution uses change intelligence to only notify you when needed. So, noise reduction is one of its brilliant features.

FIM allows you to meet many regulatory compliance standards such as PCI-DSS, NERC CIP, FISMA, SOX, NIST, and HIPAA, as well as best practice frameworks like the CIS security benchmarks.

How to Setup FIM using Osquery on Linux

Recently, you have read about Osquery. It is a multi-platform software that you can install on Linux, Windows, macOS, and FreeBSD. In the following, you will learn how to set up File Integrity Monitoring using Osquery. Let’s go through the steps of this guide to review the process of installation.

How to Install Osquery on Linux CentOS

Since Osquery provides its own repository for all platform installations, you can install the Osquery packages from the official Osquery repository. So, add the Osquery key to the system.

curl -L https://pkg.osquery.io/rpm/GPG
sudo tee /etc/pki/rpm-gpg/RPM-GPG-KEY-osquery

Now, add and enable the Osquery and install the package.

sudo yum-config-manager --add-repo https://pkg.osquery.io/rpm/osquery-s3-rpm.repo
sudo yum-config-manager --enable osquery-s3-rpmsudo yum install osquery -y
sudo yum install osquery -y

You may face an error about the yum-config-manager command.

yum-config-manager: command not found

Now, install the ‘yum-utils’ package by running the following command:

yum -y install yum-utils

How to enable Syslog Consumption in Osquery

Osquery provides features to read or consume system logs on the Apple macOS using the Apple System Log (ASL), and for Linux is using the Syslog. Now, you can enable the Syslog consumption for Osquery through the rsyslog. To install the rsyslog package run the command below:

sudo yum install rsyslog -y

When the installation is complete, go to the ‘/etc/rsyslog.d’ directory and create a new configuration file Osquery.conf.

cd /etc/rsyslog.d/
vim osquery.conf

Next, paste the following configuration there.

template(  name="OsqueryCsvFormat"  type="string"  string="%timestamp:::date-rfc3339,csv%,%hostname:::csv%,%syslogseverity:::csv%,%syslogfacility-text:::csv%,%syslogtag:::csv%,%msg:::csv%\n"  )  *.* action(type="ompipe" Pipe="/var/osquery/syslog_pipe" template="OsqueryCsvFormat")

Now, you can save and exit.

How to test the File Integrity Monitoring

In this step, you can test the FIM packs by creating a new file on the defined directory ‘home’ and ‘www’. To do this, go to the ‘/var/www/’ directory and create a new file named ‘eldernode.com.md’

cd /var/www/
touch eldernode.md

Then, go to the ‘/home/youruser/’ directory and create a new file named hakase-labs.md’.

touch hakase-labs.md

Now, you can check all logs monitoring using the real-time interactive mode Osquery and the logs of the Psquery results.

Conclusion

In this article, you learned How To Install FIM On CentOS 8. It was the way you can set up and configuration the File Integrity Monitoring on Linux Server and CentOS utilizing Osquery.

View More Posts
Tom Veitch
Eldernode Writer
We Are Waiting for your valuable comments and you can be sure that it will be answered in the shortest possible time.

Leave a Reply

Your email address will not be published. Required fields are marked *

We are by your side every step of the way

Think about developing your online business; We will protect it compassionately

We are by your side every step of the way

+8595670151

7 days a week, 24 hours a day