General Information on File System Integrity Checker

Use the file system integrity checker to monitor changes to vital firewall or system files. If those files are inadvertently or maliciously modified, the security of the entire internal network may be compromised. The IBM Firewall maintains a database file /etc/security/fwfschk.db.list which contains:

  1. A list of files considered sensitive. The IBM Firewall administrator can edit this file to add or delete files to monitor.
  2. The MD5 checksum of each file.
  3. The MD5 checksum of each file's access control list, which contains:
    • Attributes (setuid, setgid, and sticky bits)
    • Base permissions
      • owner's ID and mode
      • group's ID and mode
      • other's ID and mode
    • Extended permissions

The file integrity checker uses the AIX command aclget for permissions data. See the man page for aclget for more information.

When executed, the checker compares the current system status against the database. In the event of a discrepancy, the checker outputs an alert listing the files that have been changed and how they have changed.
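The baseline-and-compare cycle described above, as an added Python example (not IBM Firewall code). It keeps two MD5 values per file, one for contents and one for permissions, and reports which of the two changed. The function names and temporary sample files are constructed for illustration, and os.stat() data stands in for aclget output, so extended permissions are not covered.

```python
import hashlib
import os
import stat
import tempfile

def file_md5(path):
    with open(path, "rb") as f:
        return hashlib.md5(f.read()).hexdigest()

def perm_md5(path):
    # Assumption: hashes setuid/setgid/sticky bits, base permissions and owner/group
    # IDs from os.stat() in place of aclget output; extended permissions not covered.
    st = os.stat(path)
    desc = f"mode={stat.S_IMODE(st.st_mode):04o} uid={st.st_uid} gid={st.st_gid}"
    return hashlib.md5(desc.encode()).hexdigest()

def snapshot(paths):
    """Build the database: path -> (content MD5, permissions MD5), None if absent."""
    return {p: (file_md5(p), perm_md5(p)) if os.path.isfile(p) else None for p in paths}

def check(db):
    """Compare current state with the saved database; return (path, change) alerts."""
    alerts = []
    for path, saved in sorted(db.items()):
        now = snapshot([path])[path]
        if now == saved:
            continue
        if now is None or saved is None:
            alerts.append((path, "missing" if now is None else "created"))
            continue
        for i, what in enumerate(("content", "permissions")):
            if now[i] != saved[i]:
                alerts.append((path, what + " changed"))
    return alerts

def demo():
    """Constructed sample: baseline three temp files, alter them, run the check."""
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("daemon", "passwd", "rules.cfg")]
        for p in paths:
            with open(p, "w") as f:
                f.write("original\n")
            os.chmod(p, 0o644)
        db = snapshot(paths)
        os.chmod(paths[0], 0o4755)            # setuid bit added
        os.remove(paths[1])                   # file deleted
        with open(paths[2], "a") as f:        # contents modified
            f.write("permit any any\n")
        return [(os.path.basename(p), change) for p, change in check(db)]
```

Calling demo() returns one alert per altered file, naming the file and whether its contents or its permissions differ from the saved copy.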

Further Information

Using the File System Integrity Checker

Check System Files Against Last Saved Database Copy

Click on this radio button and click "Execute" to compare the current system status against a database containing a list of sensitive files, each with its MD5 checksum and access control list information. Results will be displayed in the output section.

Update Database to Reflect Current System Files

If you have made a change to a sensitive file, you should update the database. Click the radio button and then click on "Execute" to update the database to reflect the current system status. The files updated are displayed in the Output section. /etc/security/fwfschk.db.list contains the list of sensitive files which are used to generate the database.

Execute

Click on "Execute" to initiate the command selected above.

Close

Click the "Close" button to close the window.