Note: The default list of known files is generated upon installation, and contains the most
important system files. The list of files differs between distributions. Run
/opt/f-secure/fsav/bin/fslistfiles to retrieve the exact list of files.
Baseline Passphrase
The baseline has to be signed to prevent anyone from modifying the protected files.
The product verifies the baseline and the system integrity cryptographically. A cryptographic
algorithm is applied to the baseline contents and the passphrase to generate a signature (a
HMAC signature) of the baselined information.
Important: You must take great care not to forget the passphrase used as it cannot be
recovered and the baseline cannot be verified against tampering without using the same
passphrase.
Note: All administrators who know the passphrase can regenerate the baseline, so sharing
the passphrase should be limited.
Verify Baseline
You can verify the baseline manually to make sure that your system is safe and all baselined
files are unmodified.
1. Enter your passphrase to verify the baseline.
2. Do not start any other integrity checking processes while the product verifies the baseline.
If an attacker has managed to gain a root access to the system and regenerated the baseline,
the regenerated baseline does not match against your passphrase when you verify the baseline.
Rootkit Prevention
When the Integrity Checking is enabled, the product can prevent rootkits.
Hackers can use rootkits to gain access to the system and obtain administrator-level access to
the computer and the network.
Configuring Rootkit Prevention
When Integrity Checking is on, the product can prevent rootkit infiltrations.
In the I want to... page in the web user interface, click Modify advanced settings... to view
and configure Integrity Checking settings.
1. Turn Kernel module verification on or off.
F-Secure Linux Security | Using the Product | 61
To Next Page
Loading...
Need help?
General
