File integrity monitoring on Linux systems
Abstract
In this new era of technology and interconnected systems, the number of devices connected to the Internet has grown significantly, with more and more businesses and organizations offering services in the cloud and more users owning all kinds of “smart” connected IoT devices. With this, the number of attacks has grown at the same pace, if not faster, requiring new systems to ensure data integrity, confidentiality and privacy.
The objective of the project is to ensure that the integrity of these devices is maintained
by designing and developing a system capable of monitoring, detecting and reporting
changes to files stored in the target filesystem. To accomplish that goal, the system
maintains a hash digest representation of a subset of the filesystem using cryptographic
techniques, and relies on mechanisms provided by the Linux kernel and the operating
system to detect changes in real time.
All this leads to a robust intrusion detection system, capable of ensuring in real time the
integrity of a subset of the filesystem containing information considered critical, offering a
solution that is both fast and efficient in terms of memory usage. The solution is designed
to work on any kind of device running Linux, including high-end x86-based
devices as well as low-power ARM-based devices.