Use the file system integrity checker to monitor changes to vital firewall or system files. If those files are inadvertently or maliciously modified, the security of the entire internal network may be compromised. The IBM Firewall maintains a database file /etc/security/fwfschk.db.list which contains:
The file integrity checker uses the AIX command aclget for permissions data. See the man page for aclget for more information.
When executed, the checker compares the current system status against the database. In the event of a discrepancy, the checker outputs an alert listing the files that have been changed and how they have changed.
![]() |
Using the File System Integrity Checker |