I published the following diary on isc.sans.org: “Backup Scripts, the FIM of the Poor”.
File Integrity Management or “FIM” is an interesting security control that can help to detect unusual changes in a file system. For example, on a server, there are directories that do not change often. Examples in a UNIX environment:
- Binaries & libraries in /usr/lib, /usr/bin, /bin, /sbin, /usr/local/bin, …
- Configuration files in /etc
- Device files in /dev
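
A minimal baseline-and-compare check for directories like these, to show what the control actually records and reports. This is an added example, not code from the diary; the function names and the sample tree (file names and contents) are constructed for illustration.

```python
import hashlib, os, stat, tempfile

def snapshot(root):
    """Map every non-directory entry under root to (content id, mode, uid, gid)."""
    state = {}
    for dirpath, dirnames, filenames in os.walk(root):
        # os.walk lists symlinks to directories in dirnames; record them as links
        links = [d for d in dirnames if os.path.islink(os.path.join(dirpath, d))]
        for name in filenames + links:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow a symlink out of the tree
            if stat.S_ISREG(st.st_mode):
                with open(path, "rb") as f:
                    content = hashlib.sha256(f.read()).hexdigest()
            elif stat.S_ISLNK(st.st_mode):
                content = "link:" + os.readlink(path)
            else:  # device node, FIFO, socket: nothing to hash, keep the device id
                content = "special:%d" % st.st_rdev
            rel = os.path.relpath(path, root)
            state[rel] = (content, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return state

def compare(baseline, current):
    """Return the paths added, removed or modified since the baseline."""
    common = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }

def demo():
    """Constructed sample tree standing in for a rarely changing directory."""
    files = {"backup.sh": b"#!/bin/sh\n", "sshd_config": b"PermitRootLogin no\n",
             "old.conf": b"x\n"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
            os.chmod(os.path.join(root, name), 0o644)
        baseline = snapshot(root)
        with open(os.path.join(root, "sshd_config"), "wb") as f:
            f.write(b"PermitRootLogin yes\n")           # content change
        os.chmod(os.path.join(root, "backup.sh"), 0o755)  # permission change only
        os.remove(os.path.join(root, "old.conf"))
        with open(os.path.join(root, "new.sh"), "wb") as f:
            f.write(b"#!/bin/sh\n")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

The baseline is only as trustworthy as where it is stored: keep it off the monitored host or on read-only media, otherwise whoever changes a file can also update the baseline.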