An introduction to File Integrity Check
Purpose of doing Remote File Integrity Check to conform the file or set of files is not modified, and those files are intact. Because of a hacker or malicious inputs any sensitive system files can be modification and this can cause serious problems. Example some configuration file modification can lead to an abnormal working of corresponding application. To avoid these important files are checked in a period of time.
This is normally achieved by using Hash functions. Just like any other files a hash of these files are taken and stored and periodically the hash is taken again and compared with the originally stored one.
Remote File Integrity Check
If this checking is carried in local system it will be easy, if is to be done in a remote system there require a agent in remote system to do so. Here the question is this remote agent can be trusted. If this agent is trustworthy then as a local file in this case also it will work. If the hacker modified the agent to give all the time the original hash value, in this case this system brake.
RFiC propose a system which can over ride this by asking bit values in different locations.
RFiC
In RFiC clock counts are stored for further verification. To under stand the technology read the technology document in the document session.
RFiC can do two type of integrity checking
- Local files
- Remote file
This system include
- rfic – Command line tool to check the integrity of any file as on require
- rficd – rfic Demon for the remote and local system architecture
- rficp – A specific client server communication protocol for integrity verification includes Challenge Response Protocol(RFiC-CRP)