Containerized simple file integrity monitoring (FIM) service
Author(s): @ianmaddox
Published: 2019-03-21
Ian Maddox | Solutions Architect | Google
Contributed by Google employees.
This example provides a basic FIM Docker image with regularly scheduled scans.
This example is designed to be run on Google Container-Optimized OS, but it will work with most other Docker servers.
basic-fim is an open source file integrity monitoring application that monitors for files that are new, altered, or deleted.
Docker Usage
Modify the following script to define your data directory and the path to monitor:
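```bash
# Host directory that holds the FIM logs and data files
BASEDIR="/YOUR_DOCKER_APP_DATA_PATH/fim"
NAME=fim
IMAGE=ianmaddox/basic-fim
TAG=latest
# Host path to monitor; mounted read-only in the container at /host-fs
FIM_DIR=/PATH/TO/MONITOR

# Remove any existing container, then pull the current image
docker stop "$NAME"
docker rm "$NAME"
docker pull "$IMAGE:$TAG"

# Create (but do not start) the scanner container
docker create \
  --name "$NAME" \
  -v "$BASEDIR/logs:/logs" \
  -v "$BASEDIR/data:/root/.fim" \
  -v "$FIM_DIR:/host-fs:ro" \
  -e FIM_IGNORE_PATH="*/tmp/*" \
  -e FIM_THREADS="8" \
  -e FIM_PATH="/host-fs" \
  -e TZ="America/Los_Angeles" \
  "$IMAGE:$TAG"
```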
Define and override environment variables (listed below) as needed.
Launch the container.
Monitor the logs.
Kubernetes Usage
- Override environment variables shown below as needed.
- Build your Docker image.
- Deploy that image to your Kubernetes cluster.
- Use a DaemonSet to configure the new workload to run one scanner pod per node.
- Ensure that scan-required paths within other pods are mounted as named volumes so they will be included in the scan of the node.
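
The manifest below shows how the `docker create` flags from the Docker section map onto a DaemonSet. It is an added example, not part of the original tutorial or the basic-fim project. The object name, labels and `hostPath` locations are placeholders, and it assumes the published `ianmaddox/basic-fim:latest` image rather than one you build yourself.

```yaml
# Added example: placeholder names and host paths, adjust before use.
apiVersion: apps/v1
kind: DaemonSet              # schedules one scanner pod on every node
metadata:
  name: fim                  # placeholder name
spec:
  selector:
    matchLabels:
      app: fim               # placeholder label
  template:
    metadata:
      labels:
        app: fim
    spec:
      containers:
        - name: fim
          image: ianmaddox/basic-fim:latest   # assumed; swap in your own build
          env:
            - name: FIM_PATH
              value: /host-fs
            - name: FIM_THREADS
              value: "8"                      # env values must be strings
            - name: FIM_IGNORE_PATH
              value: "*/tmp/*"
          volumeMounts:
            - name: host-fs
              mountPath: /host-fs
              readOnly: true   # mirrors the :ro flag; scanner cannot alter monitored files
            - name: fim-data
              mountPath: /root/.fim   # FIM_DATDIR: data files persist across pod restarts
            - name: fim-logs
              mountPath: /logs        # FIM_LOGDIR
      volumes:
        - name: host-fs
          hostPath:
            path: /PATH/TO/MONITOR                     # placeholder
        - name: fim-data
          hostPath:
            path: /YOUR_DOCKER_APP_DATA_PATH/fim/data  # placeholder
            type: DirectoryOrCreate
        - name: fim-logs
          hostPath:
            path: /YOUR_DOCKER_APP_DATA_PATH/fim/logs  # placeholder
            type: DirectoryOrCreate
```

Keep the data and log directories outside the monitored path, or cover them with `FIM_IGNORE_PATH`, so the scanner's own writes are not reported as changes.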
Environment variables
variable name | value | description |
---|---|---|
FIM_PATH | /host-fs | Path to monitor |
FIM_THREADS | 4 | Number of threads to use when hashing |
FIM_SYMLINKS | false | Follow symlinks found in FIM_PATH |
FIM_DATDIR | /root/.fim | Data file directory |
FIM_LOGDIR | /logs | Log file directory |
FIM_IGNORE_FILE | | Glob file ignore filter |
FIM_IGNORE_PATH | | Glob path ignore filter |
For more information, see Installing antivirus and file integrity monitoring on Container-Optimized OS.