title | description | author | tags | date_published |
---|---|---|---|---|
Containerized simple file integrity monitoring (FIM) service | Monitor file integrity on a Kubernetes node and all its pods. | ianmaddox | security, fim, pci, dss, file integrity, kubernetes, pod, node | 2019-03-21 |
Ian Maddox | Solutions Architect | Google
Contributed by Google employees.
This example provides a basic FIM Docker image with regularly scheduled scans.
This example is designed to be run on Google Container-Optimized OS, but it will work with most other Docker servers.
basic-fim is an open source file integrity monitoring application that monitors for files that are new, altered, or deleted.
- Modify the following script to define your data directory and the path to monitor:

    ```bash
    # Where the scanner keeps its state (hash database) and logs on the Docker host
    BASEDIR="/YOUR_DOCKER_APP_DATA_PATH/fim"
    NAME=fim
    IMAGE=ianmaddox/basic-fim
    TAG=latest
    # Host path to scan; it is mounted into the container read-only
    FIM_DIR=/PATH/TO/MONITOR

    # Replace any existing scanner container with one built from the freshly pulled image
    docker stop "$NAME"
    docker rm "$NAME"
    docker pull "$IMAGE:$TAG"
    docker create \
      --name "$NAME" \
      -v "$BASEDIR/logs:/logs" \
      -v "$BASEDIR/data:/root/.fim" \
      -v "$FIM_DIR:/host-fs:ro" \
      -e FIM_IGNORE_PATH="*/tmp/*" \
      -e FIM_THREADS="8" \
      -e FIM_PATH="/host-fs" \
      -e TZ="America/Los_Angeles" \
      "$IMAGE:$TAG"
    ```

- Define and override environment variables (listed below) as needed.
- Launch the container.
- Monitor the logs.
- Override environment variables shown below as needed.
- Build your Docker image.
- Deploy that image to your Kubernetes cluster.
- Use DaemonSets to configure the new workload to run one scanner pod per node.
- Ensure that scan-required paths within other pods are mounted as named volumes so they will be included in the scan of the node.
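As an added example (not from the original page or the basic-fim project), a DaemonSet manifest that runs one scanner pod per node. The image and environment variable names come from this page; the DaemonSet name, labels, and the hostPath locations under /var/lib/fim are assumptions. The node filesystem is mounted read-only at /host-fs, which is what gives a single scanner visibility into the named volumes of the other pods on that node:

```yaml
# Added example; names and /var/lib/fim paths are assumptions, not from the page.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: basic-fim
spec:
  selector:
    matchLabels:
      app: basic-fim
  template:
    metadata:
      labels:
        app: basic-fim
    spec:
      # Tolerate every taint so no node (including tainted ones) goes unscanned
      tolerations:
        - operator: Exists
      containers:
        - name: fim
          image: ianmaddox/basic-fim:latest
          env:
            - name: FIM_PATH
              value: /host-fs
            - name: FIM_THREADS
              value: "8"
            - name: FIM_IGNORE_PATH
              value: "*/tmp/*"
          volumeMounts:
            - name: host-fs
              mountPath: /host-fs
              readOnly: true       # the scanner only needs to read the node filesystem
            - name: fim-data
              mountPath: /root/.fim
            - name: fim-logs
              mountPath: /logs
      volumes:
        - name: host-fs
          hostPath:
            path: /
        - name: fim-data             # hash database persists across pod restarts
          hostPath:
            path: /var/lib/fim/data
            type: DirectoryOrCreate
        - name: fim-logs
          hostPath:
            path: /var/lib/fim/logs
            type: DirectoryOrCreate
```

Keeping the data directory on the node means the baseline survives pod restarts; otherwise every restart would treat all files as new.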
Variable name | Default value | Description |
---|---|---|
FIM_PATH | /host-fs | Path to monitor |
FIM_THREADS | 4 | Number of threads to use when hashing |
FIM_SYMLINKS | false | Follow symlinks found in FIM_PATH |
FIM_DATDIR | /root/.fim | Data file directory |
FIM_LOGDIR | /logs | Log file directory |
FIM_IGNORE_FILE | | Glob file ignore filter |
FIM_IGNORE_PATH | | Glob path ignore filter |
For more information, see Installing antivirus and file integrity monitoring on Container-Optimized OS.