File Integrity
--------------

.. index:: diag;diag fileguard

System installation and upgrade binaries, as well as configuration files, are
regularly checked for file integrity against a file hash. The types of files and
directories to check, is configured.

A scheduled task is configured to initialize and to carry out the regular
validation. If audit logging is enabled on a system, this initialization will
show in the audit logs as the EventType ``FileDetection`` and Audit Details as 
``File checksum initialized``.

The Command Line Interface (CLI) diagnostic command **diag fileguard** is also
available to carry out a manual check for changes to these files of since the
previous check. File tamper detection and integrity monitoring is also carried out. 
Note that the file check validates all system files and is a time consuming task.

If any files have been changed, removed or added to the configured types and
directories, these will be listed in the command output, together with the type
of changes.

Also refer to the topics on  Diagnostic Tools and Audit Log Format and Details.