A systems administrator is tasked with hardening a fleet of production web servers. A key requirement is to implement a security control that can detect unauthorized modifications to critical operating system files and application configurations. The administrator needs a tool that can create a baseline of these files and then report any changes, such as altered permissions or content hashes. Which of the following security tools is BEST suited for this specific purpose?
The correct answer is a file integrity monitor (FIM). A FIM is designed for exactly this requirement: it records a baseline of critical files and configurations, typically a cryptographic hash of each file's content together with metadata such as permission bits, ownership, and timestamps. It then rescans those assets on a schedule (or in near real time using filesystem change notifications) and compares the current state to the baseline, alerting administrators to any additions, deletions, or modifications, including changes that alter only permissions while leaving content intact. Two practical caveats: the baseline must be taken from a known-good state, and it must be stored or signed so that an attacker who gains access to the host cannot simply re-baseline their own changes.
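The following is an added illustration of the mechanism described above, not code from the original page or from any particular FIM product. It builds a baseline of SHA-256 hashes plus permission bits and ownership for every regular file under a directory, rescans, and reports what changed and why. The directory tree, file names and "unauthorized" edits in `demo()` are constructed sample data so that the whole thing runs offline in a temporary directory.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

CHUNK = 65536


def file_record(path):
    """Record the attributes a FIM baselines for one file:
    content hash, permission bits and owner (uid/gid)."""
    st = os.lstat(path)
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return {
        "sha256": h.hexdigest(),
        "mode": stat.S_IMODE(st.st_mode),  # permission bits only, e.g. 0o644
        "uid": st.st_uid,
        "gid": st.st_gid,
    }


def build_baseline(root):
    """Walk the monitored tree and record every regular file
    (symlinks skipped), keyed by path relative to root."""
    root = Path(root)
    baseline = {}
    for p in root.rglob("*"):
        if p.is_file() and not p.is_symlink():
            baseline[p.relative_to(root).as_posix()] = file_record(p)
    return baseline


def compare(baseline, current):
    """Diff two snapshots. Returns (relative_path, status, changed_fields)
    tuples sorted by path; changed_fields names which attribute differs."""
    findings = []
    for rel in sorted(set(baseline) | set(current)):
        if rel not in current:
            findings.append((rel, "removed", ()))
        elif rel not in baseline:
            findings.append((rel, "added", ()))
        else:
            changed = tuple(
                k for k in baseline[rel] if baseline[rel][k] != current[rel][k]
            )
            if changed:
                findings.append((rel, "modified", changed))
    return findings


def demo():
    """Constructed scenario: baseline a fake config tree, tamper with it, rescan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "nginx").mkdir()
        (root / "nginx" / "nginx.conf").write_text("worker_processes 1;\n")
        (root / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "sudoers").write_text("root ALL=(ALL) ALL\n")
        os.chmod(root / "sudoers", 0o440)
        baseline = build_baseline(root)

        # Simulated unauthorized changes (constructed for the example):
        (root / "nginx" / "nginx.conf").write_text(
            "worker_processes 1;\nserver { listen 80; }\n"
        )                                              # content changed
        os.chmod(root / "sudoers", 0o666)              # permissions loosened, content intact
        (root / "passwd").unlink()                     # file removed
        (root / "cron.d").mkdir()
        (root / "cron.d" / "added-job").write_text("* * * * * root /usr/local/bin/job\n")  # file added

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for rel, status, fields in demo():
        print(f"{status:9} {rel} {' '.join(fields)}")
```

The `sudoers` finding is the case a hash-only check would miss: the content hash is unchanged and only the mode differs, which is why a FIM records metadata alongside the hash. Production tools such as AIDE, Tripwire and the FIM module in OSSEC/Wazuh follow the same build-baseline, rescan, diff pattern, but add what this sketch omits: an exclusion list for files that legitimately churn (logs, spool directories), a protected or off-host copy of the baseline, and alert delivery to a SIEM.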
An anti-malware scanner is designed to detect, block, and remove malicious software based on known signatures or behavioral patterns. While malware can cause file changes, an anti-malware tool is not the primary mechanism for monitoring the integrity of specific, non-malicious configuration files against a baseline.
A network packet sniffer captures and analyzes data traffic flowing over a network. It is used for troubleshooting network issues and detecting suspicious network activity, but it does not inspect the state of files stored on a server's local disk.
A port scanner probes a server to identify which network ports are open, closed, or filtered. This is useful for discovering exposed services and unintended network exposure, but it says nothing about the integrity of the files on the system.