Subtitles of the Movie

As part of our continuing discussion on system security, let's talk about system integrity for a moment. Now, system integrity basically means the ability to ensure that your system files, your processes and your resources you have on the system, they're available and they have not been altered or tampered with. And that's very important. A lot of hack attacks and so forth invade the system and change system files and so forth to make it look like they're the same files but in reality, sometimes they may have malware, such as Trojans attached with them. So system integrity is very important to having a secure system. System integrity prevents accidental and intentional alterations of your system files because let's face it, users sometimes can make mistakes too, so system files can be altered, perhaps they downloaded something they didn't intend to, it overwrote a file or they downloaded a piece of malware they didn't intend to. So system integrity can prevent that accidental and intentional alteration of your files. Now, there's a few different ways to preserve system integrity that we'll talk about quickly. First of all, there's hashing files. Now, you can hash entire directories or individual files and hashing, if you're not familiar with it, essentially is using a command such as MD5, for example, to get an MD5 sum. Now, that sum is a hash and every hash is unique to the file that's hashed. If the file is altered in the slightest little bit, even one bit, then the hash changes. So you could hash your files, save the hashes to a file and then if you rehash them later and one of them changed so the hash was different, you'd know this; something had changed with that file. So some people do that. You might not want to hash the entire computer, but maybe hash specific directories or files if you just want to make sure they haven't been altered by anyone. A popular program that's out there is called Tripwire and Tripwire essentially is a system-integrity program that can run as a cron job periodically and hash specific files and check just to make sure that they're the same files that they ought to be. It's an automated program and it was open source a while back and now it's kind of gone commercial. Another program that's out there is called AIDE and AIDE is essentially a free version of a system-integrity checker. It's does a lot of the same things Tripwire does. Some of the things you should do yourself to prevent system integrity from becoming a problem is limit write access to directories that contain executables. Set your permissions properly. A directory such as sbin for example, that contain executables, should have permissions of say 600 for example, so that only the owner can read and write those and no one else can read or write those directories. Download utilities from time to time such as Tripwire and so forth to look for root kits. Root kits essentially is when a malicious user replaces system files with files that may look identical, and even have identical function but are actually malicious files; they're not the same files and they may have all manner of malware such as keystroke lockers or Trojans embedded in those files. Also, only allow patches from trusted sources. When you do your update, only allow from repositories that you know you can trust, such as the default openSUSE repositories and so forth. Be careful in the community repositories. I won't say that those things are bad, but sometimes occasionally a piece of malware or something could slip through that are unintentional, may mess up computer. So just basically allow patches from sources that you know you can trust. Maybe those that have a valid PGP key and things like that. These are just a couple of the things that I would tell you that you could do to ensure your system integrity. There are probably definitely more things you could do. If things happen and you do lose system integrity, some files are replaced or you can't trust them or you may have a root kit, some of the things you can do to correct that, unfortunately, is reinstalling the system over again or restoring the system from a backup. Let's say you've got a backup, a really good backup of your files and you may have to restore the system that way because once a system file has been compromised, you never really know if it's the same again unless it reinstalled.