Containerized simple file integrity monitoring (FIM) service
Contributed by Google employees.
This example provides a basic FIM Docker image with regularly scheduled scans.
This example is designed to be run on Google Container-Optimized OS, but it will work with most other Docker servers.
basic-fim is an open source file integrity monitoring application that monitors for files that are new, altered, or deleted.
Modify the following script to define your data directory and the path to monitor:
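    BASEDIR="/YOUR_DOCKER_APP_DATA_PATH/fim"
    NAME=fim
    IMAGE=ianmaddox/basic-fim
    TAG=latest
    FIM_DIR=/PATH/TO/MONITOR

    # Remove any previous container, then fetch the current image.
    docker stop "$NAME"
    docker rm "$NAME"
    docker pull "$IMAGE:$TAG"

    # The monitored path is mounted read-only at /host-fs; logs and the
    # FIM data files are kept on the host under $BASEDIR.
    docker create \
      --name "$NAME" \
      -v "$BASEDIR/logs:/logs" \
      -v "$BASEDIR/data:/root/.fim" \
      -v "$FIM_DIR:/host-fs:ro" \
      -e FIM_IGNORE_PATH="*/tmp/*" \
      -e FIM_THREADS="8" \
      -e FIM_PATH="/host-fs" \
      -e TZ="America/Los_Angeles" \
      "$IMAGE:$TAG"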
Define and override environment variables (listed below) as needed.
Launch the container.
Monitor the logs.
- Override environment variables shown below as needed.
- Build your Docker image.
- Deploy that image to your Kubernetes cluster.
- Use DaemonSets to configure the new workload to run one scanner pod per node.
- Ensure that scan-required paths within other pods are mounted as named volumes so they will be included in the scan of the node.
||Path to monitor|
||Number of threads to use when hashing|
||Follow symlinks found in
||Data file directory|
||Log file directory|
||Glob file ignore filter|
||Glob path ignore filter|
For more information, see Installing antivirus and file integrity monitoring on Container-Optimized OS.