Quick Start

Available to: Faculty, Researchers, Staff, Departments, IT Professionals

Cost: No charge

File integrity monitoring software examines the file systems of a computer and provides reports when the contents of the file system change. The software is useful for understanding the changes made by a patch or update and for detecting unauthorized changes to a computer system, such as those made by a virus or malicious hacker. These tools can be used to help ensure compliance with Change Management.

Boston University uses a locally developed tool named “Baseline” to provide the file integrity monitoring capability for our UNIX and Linux systems. Monitored systems run a client application that records information such as file ownership and permissions, along with an MD5 hash of file contents, and transmits this data to the baseline server. The baseline server compares the client’s most recent data to previous data snapshots and reports any differences. This allows the system administrator to have early warning that something has changed and to evaluate if that change is legitimate or if action may be required.

Benefits

You are alerted when files change on your system. If you see unexpected or unexplained file changes, you can investigate immediately and resolve the issue quickly if your system has been compromised.

Key Features

  • Offers fast and efficient system integrity checking
  • Provides an external and secure point of reference for security checks
  • Runs on the UNIX and Linux operating systems
  • Helps track compliance with Change Management processes

What to Expect

This service normally will be available 24 by 7 except for standard change windows, as described in IS&T’s standard policies, procedures, and schedules for making changes

Requirements

The Baseline client runs on UNIX and Linux operating systems. If your operating system is not already supported but you can provide us with a development environment, we may be able to build a client for you.

Getting Started

  • Complete information can be found on the Baseline homepage.
  • Baseline software can be obtained from the download page.
  • If you suspect your system has been compromised, contact the Incident Response Team at irt@bu.edu or 617-358-1100 for assistance