File Integrity

System installation and upgrade binaries, as well as configuration files, are regularly checked for file integrity against a file hash. The types of files and directories to check, is configured.

A scheduled task is configured to initialize and to carry out the regular validation. If audit logging is enabled on a system, this initialization will show in the audit logs as the EventType FileDetection and Audit Details as File checksum initialized.

The Command Line Interface (CLI) diagnostic command diag filehash is also available to carry out a manual check for changes to these files of since the previous check. Note that the file check validates all system files and is a time consuming task.

If any files have been changed, removed or added to the configured types and directories, these will be listed in the command output, together with the type of changes.

Also refer to the topics on Diagnostic Tools and Audit Log Format and Details.