Question

Kathleen wants to verify on a regular basis that a file has not changed on the system that she is responsible for. Which of the following methods is best suited to this?

A. Use sha1sum to generate a hash for the file and write a script to check it periodically.
B. Install and use Tripwire.
C. Periodically check the MAC information for the file using a script.
D. Encrypt the file and keep the key secret so the file cannot be modified.

Answer 1

The best method to verify file integrity is by installing and using Tripwire, an intrusion detection system that compares the current state of a file with the baseline state and sends alerts if changes are detected. Using sha1sum to generate a hash for the file and periodically checking it is also an option but requires manual monitoring. Checking MAC information and encrypting the file are not ideal for file integrity verification.

Step-by-step explanation:

The method best suited to verify that a file has not changed on a system is to install and use Tripwire. Tripwire is an intrusion detection system that monitors and alerts any changes made to specified files or directories. It compares the current state of the file with the baseline state and sends a notification if any modifications are detected.

Using sha1sum to generate a hash for the file and periodically checking it with a script is also a viable option. However, it requires manual scripting and monitoring.

Checking the MAC (Modified, Accessed, Created) information for the file periodically using a script is not the ideal method to ensure file integrity.

Encrypting the file and keeping the key secret only helps protect the file from unauthorized access or modification, but it does not provide a means of regular verification.