Article: Comprehensive File Integrity Monitoring System
File Integrity Monitoring (FIM) is a critical security control that detects and alerts on unauthorized changes to files and directories. This article covers a comprehensive FIM implementation in Java with real-time monitoring, cryptographic verification, and advanced threat detection.
Core File Integrity Monitoring System
package com.titliel.fim;
import java.io.*;
import java.nio.file.*;
import java.security.*;
import java.util.*;
import java.util.concurrent.*;
import java.util.stream.Collectors;
/**
* Titliel File Integrity Monitor
* Advanced FIM with real-time monitoring, cryptographic hashing, and threat intelligence
*/
public class TitlielFileIntegrityMonitor {
private final FimConfig config;
private final FileHasher fileHasher;
private final IntegrityValidator integrityValidator;
private final EventProcessor eventProcessor;
private final WatchService watchService;
private final ExecutorService monitoringExecutor;
private final ScheduledExecutorService scheduledExecutor;
private final Map<Path, FileSignature> baselineDatabase;
private final Set<Path> monitoredPaths;
private final ConcurrentLinkedQueue<FileEvent> eventQueue;
private volatile boolean running = false;
public TitlielFileIntegrityMonitor() {
this.config = FimConfig.getInstance();
this.fileHasher = new FileHasher();
this.integrityValidator = new IntegrityValidator();
this.eventProcessor = new EventProcessor();
this.monitoringExecutor = Executors.newFixedThreadPool(config.getMonitoringThreads());
this.scheduledExecutor = Executors.newScheduledThreadPool(2);
this.baselineDatabase = new ConcurrentHashMap<>();
this.monitoredPaths = ConcurrentHashMap.newKeySet();
this.eventQueue = new ConcurrentLinkedQueue<>();
try {
this.watchService = FileSystems.getDefault().newWatchService();
} catch (IOException e) {
throw new FimException("Failed to initialize watch service", e);
}
initialize();
}
/**
* Initialize the FIM system
*/
private void initialize() {
try {
// Load configuration
loadConfiguration();
// Establish baseline for monitored paths
establishBaseline();
// Start monitoring services
startMonitoringServices();
// Register shutdown hook
Runtime.getRuntime().addShutdownHook(new Thread(this::shutdown));
running = true;
FimLogger.info("Titliel File Integrity Monitor initialized successfully");
FimLogger.info("Monitoring {} paths with {} algorithms",
monitoredPaths.size(), config.getHashAlgorithms().size());
} catch (Exception e) {
FimLogger.error("Failed to initialize File Integrity Monitor", e);
throw new FimException("Initialization failed", e);
}
}
/**
* Load configuration and monitored paths
*/
private void loadConfiguration() {
// Load monitored paths from configuration
monitoredPaths.addAll(config.getMonitoredPaths());
// Add system critical paths if configured
if (config.isMonitorSystemPaths()) {
monitoredPaths.addAll(getSystemCriticalPaths());
}
FimLogger.info("Loaded {} monitored paths", monitoredPaths.size());
}
/**
* Establish cryptographic baseline for all monitored paths
*/
private void establishBaseline() {
FimLogger.info("Establishing cryptographic baseline...");
List<Future<BaselineResult>> futures = new ArrayList<>();
for (Path path : monitoredPaths) {
futures.add(monitoringExecutor.submit(() ->
createBaselineForPath(path)));
}
int successCount = 0;
int failureCount = 0;
for (Future<BaselineResult> future : futures) {
try {
BaselineResult result = future.get(30, TimeUnit.SECONDS);
if (result.isSuccess()) {
successCount++;
baselineDatabase.putAll(result.getSignatures());
} else {
failureCount++;
FimLogger.warn("Failed to establish baseline for: {}", result.getPath());
}
} catch (Exception e) {
failureCount++;
FimLogger.error("Baseline establishment failed", e);
}
}
FimLogger.info("Baseline established: {} successful, {} failed", successCount, failureCount);
FimLogger.info("Total files in baseline: {}", baselineDatabase.size());
}
/**
* Create baseline for a specific path
*/
private BaselineResult createBaselineForPath(Path path) {
BaselineResult result = new BaselineResult(path);
try {
if (!Files.exists(path)) {
result.setSuccess(false);
result.setError("Path does not exist");
return result;
}
if (Files.isDirectory(path)) {
// Recursively process directory
Files.walk(path)
.filter(Files::isRegularFile)
.forEach(file -> {
try {
FileSignature signature = calculateFileSignature(file);
result.addSignature(file, signature);
} catch (Exception e) {
FimLogger.warn("Failed to calculate signature for: {}", file, e);
}
});
} else {
// Single file
FileSignature signature = calculateFileSignature(path);
result.addSignature(path, signature);
}
result.setSuccess(true);
} catch (Exception e) {
result.setSuccess(false);
result.setError(e.getMessage());
}
return result;
}
/**
* Calculate file signature with multiple hash algorithms
*/
private FileSignature calculateFileSignature(Path file) {
try {
FileSignature signature = new FileSignature(file);
// Basic file attributes
signature.setSize(Files.size(file));
signature.setLastModified(Files.getLastModifiedTime(file).toMillis());
signature.setPermissions(getFilePermissions(file));
// Calculate hashes
byte[] fileContent = Files.readAllBytes(file);
for (String algorithm : config.getHashAlgorithms()) {
String hash = fileHasher.calculateHash(fileContent, algorithm);
signature.addHash(algorithm, hash);
}
// Additional metadata
signature.setOwner(getFileOwner(file));
signature.setInode(getFileInode(file));
FimLogger.debug("Calculated signature for: {}", file);
return signature;
} catch (Exception e) {
throw new FimException("Failed to calculate signature for: " + file, e);
}
}
/**
* Start all monitoring services
*/
private void startMonitoringServices() {
// Start real-time file system monitoring
startRealTimeMonitoring();
// Start periodic integrity checks
startPeriodicIntegrityChecks();
// Start event processing
startEventProcessing();
// Start reporting
startReporting();
}
/**
* Start real-time file system monitoring
*/
private void startRealTimeMonitoring() {
monitoringExecutor.submit(() -> {
FimLogger.info("Starting real-time file system monitoring");
// Register all monitored paths with watch service
for (Path path : monitoredPaths) {
registerPathForMonitoring(path);
}
// Process watch events
while (running) {
try {
WatchKey key = watchService.take();
processWatchEvents(key);
key.reset();
} catch (InterruptedException e) {
Thread.currentThread().interrupt();
break;
} catch (ClosedWatchServiceException e) {
break;
} catch (Exception e) {
FimLogger.error("Error in real-time monitoring", e);
}
}
FimLogger.info("Real-time file system monitoring stopped");
});
}
/**
* Register a path for real-time monitoring
*/
private void registerPathForMonitoring(Path path) {
try {
if (Files.isDirectory(path)) {
path.register(watchService,
StandardWatchEventKinds.ENTRY_CREATE,
StandardWatchEventKinds.ENTRY_DELETE,
StandardWatchEventKinds.ENTRY_MODIFY);
FimLogger.debug("Registered directory for monitoring: {}", path);
}
} catch (IOException e) {
FimLogger.warn("Failed to register path for monitoring: {}", path, e);
}
}
/**
* Process watch service events
*/
private void processWatchEvents(WatchKey key) {
for (WatchEvent<?> event : key.pollEvents()) {
WatchEvent.Kind<?> kind = event.kind();
Path context = (Path) event.context();
Path fullPath = ((Path) key.watchable()).resolve(context);
// Create file event
FileEvent fileEvent = new FileEvent(fullPath, kind, System.currentTimeMillis());
// Add to processing queue
eventQueue.offer(fileEvent);
FimLogger.debug("File event detected: {} - {}", kind.name(), fullPath);
}
}
/**
* Start periodic integrity checks
*/
private void startPeriodicIntegrityChecks() {
scheduledExecutor.scheduleAtFixedRate(() -> {
if (!running) return;
FimLogger.info("Starting scheduled integrity check");
try {
IntegrityCheckResult result = performIntegrityCheck();
processIntegrityCheckResult(result);
} catch (Exception e) {
FimLogger.error("Scheduled integrity check failed", e);
}
}, config.getCheckInterval(), config.getCheckInterval(), TimeUnit.MILLISECONDS);
}
/**
* Perform comprehensive integrity check
*/
private IntegrityCheckResult performIntegrityCheck() {
IntegrityCheckResult result = new IntegrityCheckResult();
for (Path path : monitoredPaths) {
try {
if (Files.isDirectory(path)) {
Files.walk(path)
.filter(Files::isRegularFile)
.forEach(file -> checkFileIntegrity(file, result));
} else {
checkFileIntegrity(path, result);
}
} catch (IOException e) {
FimLogger.warn("Failed to traverse path: {}", path, e);
result.addError(path, e.getMessage());
}
}
return result;
}
/**
* Check integrity of a single file
*/
private void checkFileIntegrity(Path file, IntegrityCheckResult result) {
try {
FileSignature baseline = baselineDatabase.get(file);
if (baseline == null) {
// New file detected
FileEvent event = new FileEvent(file,
StandardWatchEventKinds.ENTRY_CREATE, System.currentTimeMillis());
eventQueue.offer(event);
return;
}
FileSignature current = calculateFileSignature(file);
IntegrityViolation violation = integrityValidator.validateIntegrity(baseline, current);
if (violation != null) {
result.addViolation(violation);
// Create security event
FileEvent event = new FileEvent(file,
StandardWatchEventKinds.ENTRY_MODIFY, System.currentTimeMillis());
event.setViolation(violation);
eventQueue.offer(event);
}
} catch (Exception e) {
FimLogger.warn("Failed to check file integrity: {}", file, e);
result.addError(file, e.getMessage());
}
}
/**
* Process integrity check results
*/
private void processIntegrityCheckResult(IntegrityCheckResult result) {
if (result.hasViolations()) {
FimLogger.warn("Integrity check found {} violations", result.getViolations().size());
// Generate alert for significant violations
if (result.getViolations().size() > config.getViolationThreshold()) {
generateMassModificationAlert(result);
}
}
if (result.hasErrors()) {
FimLogger.warn("Integrity check encountered {} errors", result.getErrors().size());
}
// Update baseline if configured for auto-update
if (config.isAutoBaselineUpdate() && !result.hasViolations()) {
updateBaseline();
}
}
/**
* Start event processing
*/
private void startEventProcessing() {
monitoringExecutor.submit(() -> {
FimLogger.info("Starting file event processing");
while (running || !eventQueue.isEmpty()) {
try {
FileEvent event = eventQueue.poll(100, TimeUnit.MILLISECONDS);
if (event != null) {
processFileEvent(event);
}
} catch (InterruptedException e) {
Thread.currentThread().interrupt();
break;
} catch (Exception e) {
FimLogger.error("Error processing file event", e);
}
}
FimLogger.info("File event processing stopped");
});
}
/**
* Process individual file event
*/
private void processFileEvent(FileEvent event) {
try {
// Analyze event for suspicious patterns
ThreatAssessment assessment = analyzeEventThreat(event);
// Update baseline if needed
updateBaselineForEvent(event);
// Generate alert if necessary
if (assessment.isSuspicious()) {
generateSecurityAlert(event, assessment);
}
// Log the event
logFileEvent(event, assessment);
// Send to external systems if configured
if (config.isExternalIntegrationEnabled()) {
sendToExternalSystems(event, assessment);
}
} catch (Exception e) {
FimLogger.error("Failed to process file event: {}", event.getFilePath(), e);
}
}
/**
* Analyze event for potential threats
*/
private ThreatAssessment analyzeEventThreat(FileEvent event) {
ThreatAssessment assessment = new ThreatAssessment(event);
// Check for known attack patterns
checkForAttackPatterns(event, assessment);
// Check file type and location
checkFileTypeAndLocation(event, assessment);
// Check timing patterns
checkTimingPatterns(event, assessment);
// Calculate overall threat score
assessment.calculateThreatScore();
return assessment;
}
/**
* Check for known attack patterns
*/
private void checkForAttackPatterns(FileEvent event, ThreatAssessment assessment) {
Path file = event.getFilePath();
String fileName = file.getFileName().toString();
// Check for ransomware patterns
if (fileName.endsWith(".encrypted") || fileName.endsWith(".crypted")) {
assessment.addIndicator(ThreatIndicator.RANSOMWARE, 0.9);
}
// Check for webshell patterns
if (file.toString().contains("/web/") &&
(fileName.endsWith(".jsp") || fileName.endsWith(".php"))) {
assessment.addIndicator(ThreatIndicator.WEBSHELL, 0.7);
}
// Check for system binary replacement
if (isSystemBinary(file) && event.getKind() == StandardWatchEventKinds.ENTRY_MODIFY) {
assessment.addIndicator(ThreatIndicator.SYSTEM_COMPROMISE, 0.8);
}
}
/**
* Check file type and location
*/
private void checkFileTypeAndLocation(FileEvent event, ThreatAssessment assessment) {
Path file = event.getFilePath();
// Check if file is in sensitive location
if (isSensitiveLocation(file)) {
assessment.addIndicator(ThreatIndicator.SENSITIVE_LOCATION, 0.6);
}
// Check file extension
if (isExecutableFile(file)) {
assessment.addIndicator(ThreatIndicator.EXECUTABLE_MODIFICATION, 0.5);
}
}
/**
* Check timing patterns
*/
private void checkTimingPatterns(FileEvent event, ThreatAssessment assessment) {
long currentHour = Calendar.getInstance().get(Calendar.HOUR_OF_DAY);
// Check for activity during non-business hours
if (currentHour < 6 || currentHour > 20) {
assessment.addIndicator(ThreatIndicator.AFTER_HOURS_ACTIVITY, 0.4);
}
}
/**
* Update baseline based on event
*/
private void updateBaselineForEvent(FileEvent event) {
Path file = event.getFilePath();
try {
switch (event.getKind().name()) {
case "ENTRY_CREATE":
case "ENTRY_MODIFY":
FileSignature newSignature = calculateFileSignature(file);
baselineDatabase.put(file, newSignature);
FimLogger.debug("Updated baseline for: {}", file);
break;
case "ENTRY_DELETE":
baselineDatabase.remove(file);
FimLogger.debug("Removed from baseline: {}", file);
break;
}
} catch (Exception e) {
FimLogger.warn("Failed to update baseline for: {}", file, e);
}
}
/**
* Generate security alert
*/
private void generateSecurityAlert(FileEvent event, ThreatAssessment assessment) {
SecurityAlert alert = new SecurityAlert(event, assessment);
FimLogger.warn("SECURITY ALERT: {} - Threat Score: {}/10",
event.getFilePath(), assessment.getThreatScore());
// Send alert to configured channels
sendAlertToChannels(alert);
// Take automated response actions if configured
if (config.isAutoResponseEnabled() && assessment.getThreatScore() > 7.0) {
takeAutomatedResponse(event, assessment);
}
}
/**
* Send alert to configured channels
*/
private void sendAlertToChannels(SecurityAlert alert) {
// Email alerts
if (config.isEmailAlertsEnabled()) {
sendEmailAlert(alert);
}
// SIEM integration
if (config.isSiemIntegrationEnabled()) {
sendToSiem(alert);
}
// Slack/Teams integration
if (config.isChatAlertsEnabled()) {
sendChatAlert(alert);
}
}
/**
* Take automated response actions
*/
private void takeAutomatedResponse(FileEvent event, ThreatAssessment assessment) {
FimLogger.warn("Taking automated response for: {}", event.getFilePath());
try {
// Quarantine file
if (config.isQuarantineEnabled()) {
quarantineFile(event.getFilePath());
}
// Block process if identified
if (assessment.getSuspectedProcess() != null) {
blockProcess(assessment.getSuspectedProcess());
}
// Isolate system if critical threat
if (assessment.getThreatScore() >= 9.0) {
isolateSystem();
}
} catch (Exception e) {
FimLogger.error("Automated response failed", e);
}
}
/**
* Start reporting service
*/
private void startReporting() {
scheduledExecutor.scheduleAtFixedRate(() -> {
if (!running) return;
try {
generateReports();
} catch (Exception e) {
FimLogger.error("Report generation failed", e);
}
}, config.getReportInterval(), config.getReportInterval(), TimeUnit.MILLISECONDS);
}
/**
* Generate monitoring reports
*/
private void generateReports() {
try {
// Generate integrity report
IntegrityReport integrityReport = generateIntegrityReport();
// Generate security report
SecurityReport securityReport = generateSecurityReport();
// Generate compliance report
ComplianceReport complianceReport = generateComplianceReport();
// Save reports
saveReports(integrityReport, securityReport, complianceReport);
FimLogger.info("Generated monitoring reports");
} catch (Exception e) {
FimLogger.error("Failed to generate reports", e);
}
}
/**
* Manual integrity check for specific path
*/
public IntegrityCheckResult checkPathIntegrity(Path path) {
if (!monitoredPaths.contains(path)) {
throw new FimException("Path not monitored: " + path);
}
IntegrityCheckResult result = new IntegrityCheckResult();
try {
if (Files.isDirectory(path)) {
Files.walk(path)
.filter(Files::isRegularFile)
.forEach(file -> checkFileIntegrity(file, result));
} else {
checkFileIntegrity(path, result);
}
} catch (IOException e) {
throw new FimException("Failed to check path integrity: " + path, e);
}
return result;
}
/**
* Add path to monitoring
*/
public void addMonitoredPath(Path path) {
if (monitoredPaths.add(path)) {
// Establish baseline for new path
BaselineResult result = createBaselineForPath(path);
if (result.isSuccess()) {
baselineDatabase.putAll(result.getSignatures());
registerPathForMonitoring(path);
FimLogger.info("Added path to monitoring: {}", path);
} else {
monitoredPaths.remove(path);
throw new FimException("Failed to establish baseline for: " + path);
}
}
}
/**
* Remove path from monitoring
*/
public void removeMonitoredPath(Path path) {
if (monitoredPaths.remove(path)) {
// Remove from baseline database
baselineDatabase.keySet().removeIf(key -> key.startsWith(path));
FimLogger.info("Removed path from monitoring: {}", path);
}
}
/**
* Update baseline for all monitored paths
*/
public void updateBaseline() {
FimLogger.info("Updating baseline for all monitored paths");
establishBaseline();
}
/**
* Get current monitoring status
*/
public MonitoringStatus getMonitoringStatus() {
MonitoringStatus status = new MonitoringStatus();
status.setRunning(running);
status.setMonitoredPaths(monitoredPaths.size());
status.setFilesInBaseline(baselineDatabase.size());
status.setEventQueueSize(eventQueue.size());
status.setLastCheckTime(System.currentTimeMillis());
return status;
}
/**
* Shutdown the FIM system
*/
public void shutdown() {
running = false;
try {
watchService.close();
} catch (IOException e) {
FimLogger.warn("Error closing watch service", e);
}
monitoringExecutor.shutdown();
scheduledExecutor.shutdown();
try {
if (!monitoringExecutor.awaitTermination(30, TimeUnit.SECONDS)) {
monitoringExecutor.shutdownNow();
}
if (!scheduledExecutor.awaitTermination(30, TimeUnit.SECONDS)) {
scheduledExecutor.shutdownNow();
}
} catch (InterruptedException e) {
monitoringExecutor.shutdownNow();
scheduledExecutor.shutdownNow();
Thread.currentThread().interrupt();
}
FimLogger.info("Titliel File Integrity Monitor shutdown completed");
}
// Utility methods
private Set<Path> getSystemCriticalPaths() {
Set<Path> systemPaths = new HashSet<>();
// Common system paths that should be monitored
if (System.getProperty("os.name").toLowerCase().contains("linux")) {
systemPaths.add(Paths.get("/etc"));
systemPaths.add(Paths.get("/bin"));
systemPaths.add(Paths.get("/sbin"));
systemPaths.add(Paths.get("/usr/bin"));
systemPaths.add(Paths.get("/usr/sbin"));
} else if (System.getProperty("os.name").toLowerCase().contains("windows")) {
systemPaths.add(Paths.get("C:\\Windows\\System32"));
systemPaths.add(Paths.get("C:\\Windows\\SysWOW64"));
}
return systemPaths;
}
private String getFilePermissions(Path file) {
try {
return PosixFilePermissions.toString(Files.getPosixFilePermissions(file));
} catch (Exception e) {
return "unknown";
}
}
private String getFileOwner(Path file) {
try {
return Files.getOwner(file).getName();
} catch (Exception e) {
return "unknown";
}
}
private String getFileInode(Path file) {
// This would require platform-specific implementation
return "unknown";
}
private boolean isSystemBinary(Path file) {
return file.toString().contains("/bin/") ||
file.toString().contains("/sbin/") ||
file.toString().contains("\\System32\\");
}
private boolean isSensitiveLocation(Path file) {
return file.toString().contains("/etc/") ||
file.toString().contains("/root/") ||
file.toString().contains("/home/") && file.toString().contains("/.ssh/");
}
private boolean isExecutableFile(Path file) {
String fileName = file.getFileName().toString();
return fileName.endsWith(".exe") ||
fileName.endsWith(".dll") ||
fileName.endsWith(".so") ||
fileName.endsWith(".sh") ||
!fileName.contains("."); // No extension often indicates executable
}
// Stub methods for external integrations
private void generateMassModificationAlert(IntegrityCheckResult result) {
FimLogger.critical("MASS MODIFICATION DETECTED: {} files modified",
result.getViolations().size());
}
private void logFileEvent(FileEvent event, ThreatAssessment assessment) {
// Implement logging
}
private void sendToExternalSystems(FileEvent event, ThreatAssessment assessment) {
// Implement external system integration
}
private void sendEmailAlert(SecurityAlert alert) {
// Implement email alerts
}
private void sendToSiem(SecurityAlert alert) {
// Implement SIEM integration
}
private void sendChatAlert(SecurityAlert alert) {
// Implement chat alerts
}
private void quarantineFile(Path file) {
// Implement file quarantine
}
private void blockProcess(String process) {
// Implement process blocking
}
private void isolateSystem() {
// Implement system isolation
}
private IntegrityReport generateIntegrityReport() {
return new IntegrityReport();
}
private SecurityReport generateSecurityReport() {
return new SecurityReport();
}
private ComplianceReport generateComplianceReport() {
return new ComplianceReport();
}
private void saveReports(IntegrityReport integrityReport, SecurityReport securityReport,
ComplianceReport complianceReport) {
// Implement report saving
}
}
Data Models and Supporting Classes
package com.titliel.fim;
import java.nio.file.Path;
import java.nio.file.StandardWatchEventKinds;
import java.nio.file.WatchEvent;
import java.util.*;
/**
* File signature with cryptographic hashes and metadata
*/
public class FileSignature {
private final Path filePath;
private long size;
private long lastModified;
private String permissions;
private String owner;
private String inode;
private final Map<String, String> hashes; // algorithm -> hash
private final long timestamp;
public FileSignature(Path filePath) {
this.filePath = filePath;
this.hashes = new HashMap<>();
this.timestamp = System.currentTimeMillis();
}
// Getters and setters
public Path getFilePath() { return filePath; }
public long getSize() { return size; }
public void setSize(long size) { this.size = size; }
public long getLastModified() { return lastModified; }
public void setLastModified(long lastModified) { this.lastModified = lastModified; }
public String getPermissions() { return permissions; }
public void setPermissions(String permissions) { this.permissions = permissions; }
public String getOwner() { return owner; }
public void setOwner(String owner) { this.owner = owner; }
public String getInode() { return inode; }
public void setInode(String inode) { this.inode = inode; }
public Map<String, String> getHashes() { return Collections.unmodifiableMap(hashes); }
public long getTimestamp() { return timestamp; }
public void addHash(String algorithm, String hash) {
hashes.put(algorithm, hash);
}
public String getHash(String algorithm) {
return hashes.get(algorithm);
}
@Override
public boolean equals(Object obj) {
if (this == obj) return true;
if (obj == null || getClass() != obj.getClass()) return false;
FileSignature that = (FileSignature) obj;
if (size != that.size) return false;
if (lastModified != that.lastModified) return false;
if (!filePath.equals(that.filePath)) return false;
if (!permissions.equals(that.permissions)) return false;
return hashes.equals(that.hashes);
}
@Override
public int hashCode() {
return Objects.hash(filePath, size, lastModified, permissions, hashes);
}
}
/**
* File system event
*/
public class FileEvent {
private final String id;
private final Path filePath;
private final WatchEvent.Kind<?> kind;
private final long timestamp;
private IntegrityViolation violation;
private String processInfo;
private String userInfo;
public FileEvent(Path filePath, WatchEvent.Kind<?> kind, long timestamp) {
this.id = UUID.randomUUID().toString();
this.filePath = filePath;
this.kind = kind;
this.timestamp = timestamp;
}
// Getters and setters
public String getId() { return id; }
public Path getFilePath() { return filePath; }
public WatchEvent.Kind<?> getKind() { return kind; }
public long getTimestamp() { return timestamp; }
public IntegrityViolation getViolation() { return violation; }
public void setViolation(IntegrityViolation violation) { this.violation = violation; }
public String getProcessInfo() { return processInfo; }
public void setProcessInfo(String processInfo) { this.processInfo = processInfo; }
public String getUserInfo() { return userInfo; }
public void setUserInfo(String userInfo) { this.userInfo = userInfo; }
public boolean isCreation() {
return kind == StandardWatchEventKinds.ENTRY_CREATE;
}
public boolean isModification() {
return kind == StandardWatchEventKinds.ENTRY_MODIFY;
}
public boolean isDeletion() {
return kind == StandardWatchEventKinds.ENTRY_DELETE;
}
}
/**
* Integrity violation details
*/
public class IntegrityViolation {
private final Path filePath;
private final ViolationType type;
private final String description;
private final Map<String, Object> details;
private final long timestamp;
public IntegrityViolation(Path filePath, ViolationType type, String description) {
this.filePath = filePath;
this.type = type;
this.description = description;
this.details = new HashMap<>();
this.timestamp = System.currentTimeMillis();
}
// Getters
public Path getFilePath() { return filePath; }
public ViolationType getType() { return type; }
public String getDescription() { return description; }
public Map<String, Object> getDetails() { return Collections.unmodifiableMap(details); }
public long getTimestamp() { return timestamp; }
public void addDetail(String key, Object value) {
details.put(key, value);
}
}
/**
* Types of integrity violations
*/
public enum ViolationType {
HASH_MISMATCH,
SIZE_CHANGED,
PERMISSIONS_CHANGED,
OWNER_CHANGED,
LAST_MODIFIED_CHANGED,
FILE_CREATED,
FILE_DELETED,
METADATA_CHANGED
}
/**
* Threat assessment for file events
*/
public class ThreatAssessment {
private final FileEvent event;
private final Map<ThreatIndicator, Double> indicators;
private double threatScore;
private String suspectedProcess;
private String recommendedAction;
public ThreatAssessment(FileEvent event) {
this.event = event;
this.indicators = new HashMap<>();
this.threatScore = 0.0;
}
public void addIndicator(ThreatIndicator indicator, double weight) {
indicators.put(indicator, weight);
}
public void calculateThreatScore() {
this.threatScore = indicators.values().stream()
.mapToDouble(Double::doubleValue)
.average()
.orElse(0.0) * 10; // Scale to 0-10
}
// Getters and setters
public FileEvent getEvent() { return event; }
public Map<ThreatIndicator, Double> getIndicators() { return Collections.unmodifiableMap(indicators); }
public double getThreatScore() { return threatScore; }
public String getSuspectedProcess() { return suspectedProcess; }
public void setSuspectedProcess(String suspectedProcess) { this.suspectedProcess = suspectedProcess; }
public String getRecommendedAction() { return recommendedAction; }
public void setRecommendedAction(String recommendedAction) { this.recommendedAction = recommendedAction; }
public boolean isSuspicious() {
return threatScore >= 5.0;
}
public boolean isCritical() {
return threatScore >= 8.0;
}
}
/**
* Threat indicators
*/
public enum ThreatIndicator {
RANSOMWARE,
WEBSHELL,
SYSTEM_COMPROMISE,
SENSITIVE_LOCATION,
EXECUTABLE_MODIFICATION,
AFTER_HOURS_ACTIVITY,
MASS_MODIFICATION,
SUSPICIOUS_PROCESS
}
/**
* Security alert
*/
public class SecurityAlert {
private final String id;
private final FileEvent event;
private final ThreatAssessment assessment;
private final long timestamp;
private AlertSeverity severity;
public SecurityAlert(FileEvent event, ThreatAssessment assessment) {
this.id = UUID.randomUUID().toString();
this.event = event;
this.assessment = assessment;
this.timestamp = System.currentTimeMillis();
this.severity = calculateSeverity();
}
private AlertSeverity calculateSeverity() {
double score = assessment.getThreatScore();
if (score >= 9.0) return AlertSeverity.CRITICAL;
if (score >= 7.0) return AlertSeverity.HIGH;
if (score >= 5.0) return AlertSeverity.MEDIUM;
return AlertSeverity.LOW;
}
// Getters
public String getId() { return id; }
public FileEvent getEvent() { return event; }
public ThreatAssessment getAssessment() { return assessment; }
public long getTimestamp() { return timestamp; }
public AlertSeverity getSeverity() { return severity; }
}
/**
* Alert severity levels
*/
public enum AlertSeverity {
CRITICAL, HIGH, MEDIUM, LOW, INFO
}
/**
* Baseline establishment result
*/
class BaselineResult {
private final Path path;
private final Map<Path, FileSignature> signatures;
private boolean success;
private String error;
public BaselineResult(Path path) {
this.path = path;
this.signatures = new HashMap<>();
this.success = false;
}
public void addSignature(Path file, FileSignature signature) {
signatures.put(file, signature);
}
// Getters and setters
public Path getPath() { return path; }
public Map<Path, FileSignature> getSignatures() { return Collections.unmodifiableMap(signatures); }
public boolean isSuccess() { return success; }
public void setSuccess(boolean success) { this.success = success; }
public String getError() { return error; }
public void setError(String error) { this.error = error; }
}
/**
* Integrity check result
*/
class IntegrityCheckResult {
private final List<IntegrityViolation> violations;
private final Map<Path, String> errors;
public IntegrityCheckResult() {
this.violations = new ArrayList<>();
this.errors = new HashMap<>();
}
public void addViolation(IntegrityViolation violation) {
violations.add(violation);
}
public void addError(Path path, String error) {
errors.put(path, error);
}
// Getters
public List<IntegrityViolation> getViolations() { return Collections.unmodifiableList(violations); }
public Map<Path, String> getErrors() { return Collections.unmodifiableMap(errors); }
public boolean hasViolations() { return !violations.isEmpty(); }
public boolean hasErrors() { return !errors.isEmpty(); }
}
/**
* Monitoring status
*/
public class MonitoringStatus {
private boolean running;
private int monitoredPaths;
private int filesInBaseline;
private int eventQueueSize;
private long lastCheckTime;
// Getters and setters
public boolean isRunning() { return running; }
public void setRunning(boolean running) { this.running = running; }
public int getMonitoredPaths() { return monitoredPaths; }
public void setMonitoredPaths(int monitoredPaths) { this.monitoredPaths = monitoredPaths; }
public int getFilesInBaseline() { return filesInBaseline; }
public void setFilesInBaseline(int filesInBaseline) { this.filesInBaseline = filesInBaseline; }
public int getEventQueueSize() { return eventQueueSize; }
public void setEventQueueSize(int eventQueueSize) { this.eventQueueSize = eventQueueSize; }
public long getLastCheckTime() { return lastCheckTime; }
public void setLastCheckTime(long lastCheckTime) { this.lastCheckTime = lastCheckTime; }
}
// Stub classes for reporting
class IntegrityReport {}
class SecurityReport {}
class ComplianceReport {}
Cryptographic Hashing and Validation
package com.titliel.fim;
import java.security.*;
import java.util.*;
/**
* Cryptographic file hashing utilities
*/
public class FileHasher {
private final Map<String, MessageDigest> digestCache;
public FileHasher() {
this.digestCache = new HashMap<>();
initializeDigests();
}
private void initializeDigests() {
try {
// Initialize common hash algorithms
String[] algorithms = {"MD5", "SHA-1", "SHA-256", "SHA-512"};
for (String algorithm : algorithms) {
MessageDigest digest = MessageDigest.getInstance(algorithm);
digestCache.put(algorithm, digest);
}
} catch (NoSuchAlgorithmException e) {
throw new FimException("Failed to initialize hash algorithms", e);
}
}
/**
* Calculate hash for file content using specified algorithm
*/
public String calculateHash(byte[] content, String algorithm) {
try {
MessageDigest digest = getDigest(algorithm);
byte[] hashBytes = digest.digest(content);
return bytesToHex(hashBytes);
} catch (Exception e) {
throw new FimException("Failed to calculate hash with algorithm: " + algorithm, e);
}
}
/**
* Calculate multiple hashes for file content
*/
public Map<String, String> calculateHashes(byte[] content, List<String> algorithms) {
Map<String, String> hashes = new HashMap<>();
for (String algorithm : algorithms) {
String hash = calculateHash(content, algorithm);
hashes.put(algorithm, hash);
}
return hashes;
}
/**
* Verify file integrity by comparing hashes
*/
public boolean verifyIntegrity(byte[] content, String expectedHash, String algorithm) {
String actualHash = calculateHash(content, algorithm);
return MessageDigest.isEqual(
hexToBytes(expectedHash),
hexToBytes(actualHash)
);
}
private MessageDigest getDigest(String algorithm) {
MessageDigest digest = digestCache.get(algorithm);
if (digest == null) {
try {
digest = MessageDigest.getInstance(algorithm);
digestCache.put(algorithm, digest);
} catch (NoSuchAlgorithmException e) {
throw new FimException("Unsupported hash algorithm: " + algorithm, e);
}
}
digest.reset(); // Reset for new calculation
return digest;
}
private String bytesToHex(byte[] bytes) {
StringBuilder result = new StringBuilder();
for (byte b : bytes) {
result.append(String.format("%02x", b));
}
return result.toString();
}
private byte[] hexToBytes(String hex) {
int len = hex.length();
byte[] data = new byte[len / 2];
for (int i = 0; i < len; i += 2) {
data[i / 2] = (byte) ((Character.digit(hex.charAt(i), 16) << 4)
+ Character.digit(hex.charAt(i + 1), 16));
}
return data;
}
}
/**
* Integrity validation engine
*/
public class IntegrityValidator {
/**
* Validate file integrity by comparing current state with baseline
*/
public IntegrityViolation validateIntegrity(FileSignature baseline, FileSignature current) {
// Check if file still exists
if (current == null) {
return new IntegrityViolation(
baseline.getFilePath(),
ViolationType.FILE_DELETED,
"File has been deleted"
);
}
List<IntegrityViolation> violations = new ArrayList<>();
// Check file size
if (baseline.getSize() != current.getSize()) {
violations.add(createSizeViolation(baseline, current));
}
// Check last modified time
if (baseline.getLastModified() != current.getLastModified()) {
violations.add(createTimestampViolation(baseline, current));
}
// Check permissions
if (!baseline.getPermissions().equals(current.getPermissions())) {
violations.add(createPermissionViolation(baseline, current));
}
// Check owner
if (!baseline.getOwner().equals(current.getOwner())) {
violations.add(createOwnerViolation(baseline, current));
}
// Check cryptographic hashes
violations.addAll(createHashViolations(baseline, current));
// Return the most significant violation
return violations.stream()
.max(Comparator.comparing(v -> getViolationSeverity(v.getType())))
.orElse(null);
}
private IntegrityViolation createSizeViolation(FileSignature baseline, FileSignature current) {
IntegrityViolation violation = new IntegrityViolation(
baseline.getFilePath(),
ViolationType.SIZE_CHANGED,
String.format("File size changed from %d to %d",
baseline.getSize(), current.getSize())
);
violation.addDetail("oldSize", baseline.getSize());
violation.addDetail("newSize", current.getSize());
violation.addDetail("sizeDifference", current.getSize() - baseline.getSize());
return violation;
}
private IntegrityViolation createTimestampViolation(FileSignature baseline, FileSignature current) {
IntegrityViolation violation = new IntegrityViolation(
baseline.getFilePath(),
ViolationType.LAST_MODIFIED_CHANGED,
String.format("Last modified time changed from %d to %d",
baseline.getLastModified(), current.getLastModified())
);
violation.addDetail("oldTimestamp", baseline.getLastModified());
violation.addDetail("newTimestamp", current.getLastModified());
violation.addDetail("timeDifference", current.getLastModified() - baseline.getLastModified());
return violation;
}
private IntegrityViolation createPermissionViolation(FileSignature baseline, FileSignature current) {
IntegrityViolation violation = new IntegrityViolation(
baseline.getFilePath(),
ViolationType.PERMISSIONS_CHANGED,
String.format("Permissions changed from %s to %s",
baseline.getPermissions(), current.getPermissions())
);
violation.addDetail("oldPermissions", baseline.getPermissions());
violation.addDetail("newPermissions", current.getPermissions());
return violation;
}
private IntegrityViolation createOwnerViolation(FileSignature baseline, FileSignature current) {
IntegrityViolation violation = new IntegrityViolation(
baseline.getFilePath(),
ViolationType.OWNER_CHANGED,
String.format("Owner changed from %s to %s",
baseline.getOwner(), current.getOwner())
);
violation.addDetail("oldOwner", baseline.getOwner());
violation.addDetail("newOwner", current.getOwner());
return violation;
}
private List<IntegrityViolation> createHashViolations(FileSignature baseline, FileSignature current) {
List<IntegrityViolation> violations = new ArrayList<>();
FileHasher hasher = new FileHasher();
for (Map.Entry<String, String> entry : baseline.getHashes().entrySet()) {
String algorithm = entry.getKey();
String baselineHash = entry.getValue();
String currentHash = current.getHash(algorithm);
if (currentHash == null) {
// This algorithm not available in current signature
continue;
}
if (!baselineHash.equals(currentHash)) {
IntegrityViolation violation = new IntegrityViolation(
baseline.getFilePath(),
ViolationType.HASH_MISMATCH,
String.format("Hash mismatch for algorithm %s", algorithm)
);
violation.addDetail("algorithm", algorithm);
violation.addDetail("expectedHash", baselineHash);
violation.addDetail("actualHash", currentHash);
violations.add(violation);
}
}
return violations;
}
private int getViolationSeverity(ViolationType type) {
switch (type) {
case HASH_MISMATCH: return 100;
case SIZE_CHANGED: return 90;
case FILE_DELETED: return 80;
case PERMISSIONS_CHANGED: return 70;
case OWNER_CHANGED: return 60;
case LAST_MODIFIED_CHANGED: return 50;
case FILE_CREATED: return 40;
default: return 10;
}
}
}
Configuration Management
package com.titliel.fim;
import java.io.*;
import java.nio.file.*;
import java.util.*;
import java.util.stream.Collectors;
/**
* FIM configuration management
*/
public class FimConfig {
private static FimConfig instance;
private final Properties properties;
private FimConfig() {
this.properties = loadProperties();
}
public static synchronized FimConfig getInstance() {
if (instance == null) {
instance = new FimConfig();
}
return instance;
}
private Properties loadProperties() {
Properties props = new Properties();
// Load from system properties
props.putAll(System.getProperties());
// Load from configuration file
Path configFile = getConfigFilePath();
try (InputStream input = Files.newInputStream(configFile)) {
props.load(input);
FimLogger.info("Loaded configuration from: {}", configFile);
} catch (IOException e) {
FimLogger.warn("Configuration file not found, using defaults: {}", configFile);
}
// Load from environment variables
loadFromEnvironment(props);
// Set defaults
setDefaults(props);
return props;
}
private Path getConfigFilePath() {
// Check common configuration locations
String[] possiblePaths = {
"/etc/titliel/fim.properties",
"./config/fim.properties",
"./fim.properties"
};
for (String path : possiblePaths) {
Path configPath = Paths.get(path);
if (Files.exists(configPath)) {
return configPath;
}
}
// Return default path
return Paths.get("/etc/titliel/fim.properties");
}
private void loadFromEnvironment(Properties props) {
// FIM-specific environment variables
Map<String, String> envVars = System.getenv();
for (Map.Entry<String, String> entry : envVars.entrySet()) {
if (entry.getKey().startsWith("FIM_")) {
String propName = entry.getKey().toLowerCase().replace('_', '.');
props.setProperty("fim." + propName, entry.getValue());
}
}
}
private void setDefaults(Properties props) {
props.setProperty("fim.monitoring.threads", "5");
props.setProperty("fim.check.interval", "300000"); // 5 minutes
props.setProperty("fim.report.interval", "3600000"); // 1 hour
props.setProperty("fim.violation.threshold", "10");
props.setProperty("fim.auto.baseline.update", "false");
props.setProperty("fim.auto.response.enabled", "false");
props.setProperty("fim.quarantine.enabled", "false");
props.setProperty("fim.monitor.system.paths", "true");
props.setProperty("fim.email.alerts.enabled", "false");
props.setProperty("fim.siem.integration.enabled", "false");
props.setProperty("fim.chat.alerts.enabled", "false");
props.setProperty("fim.external.integration.enabled", "false");
props.setProperty("fim.hash.algorithms", "SHA-256,SHA-512");
props.setProperty("fim.log.level", "INFO");
props.setProperty("fim.monitored.paths", "/etc,/var/log");
}
// Configuration getters
public int getMonitoringThreads() {
return Integer.parseInt(properties.getProperty("fim.monitoring.threads", "5"));
}
public long getCheckInterval() {
return Long.parseLong(properties.getProperty("fim.check.interval", "300000"));
}
public long getReportInterval() {
return Long.parseLong(properties.getProperty("fim.report.interval", "3600000"));
}
public int getViolationThreshold() {
return Integer.parseInt(properties.getProperty("fim.violation.threshold", "10"));
}
public boolean isAutoBaselineUpdate() {
return Boolean.parseBoolean(properties.getProperty("fim.auto.baseline.update", "false"));
}
public boolean isAutoResponseEnabled() {
return Boolean.parseBoolean(properties.getProperty("fim.auto.response.enabled", "false"));
}
public boolean isQuarantineEnabled() {
return Boolean.parseBoolean(properties.getProperty("fim.quarantine.enabled", "false"));
}
public boolean isMonitorSystemPaths() {
return Boolean.parseBoolean(properties.getProperty("fim.monitor.system.paths", "true"));
}
public boolean isEmailAlertsEnabled() {
return Boolean.parseBoolean(properties.getProperty("fim.email.alerts.enabled", "false"));
}
public boolean isSiemIntegrationEnabled() {
return Boolean.parseBoolean(properties.getProperty("fim.siem.integration.enabled", "false"));
}
public boolean isChatAlertsEnabled() {
return Boolean.parseBoolean(properties.getProperty("fim.chat.alerts.enabled", "false"));
}
public boolean isExternalIntegrationEnabled() {
return Boolean.parseBoolean(properties.getProperty("fim.external.integration.enabled", "false"));
}
public List<String> getHashAlgorithms() {
String algorithms = properties.getProperty("fim.hash.algorithms", "SHA-256,SHA-512");
return Arrays.stream(algorithms.split(","))
.map(String::trim)
.collect(Collectors.toList());
}
public String getLogLevel() {
return properties.getProperty("fim.log.level", "INFO");
}
public Set<Path> getMonitoredPaths() {
String paths = properties.getProperty("fim.monitored.paths", "/etc,/var/log");
return Arrays.stream(paths.split(","))
.map(String::trim)
.map(Path::of)
.collect(Collectors.toSet());
}
public void setProperty(String key, String value) {
properties.setProperty(key, value);
}
public void saveConfiguration() {
Path configFile = getConfigFilePath();
try {
Files.createDirectories(configFile.getParent());
try (OutputStream output = Files.newOutputStream(configFile)) {
properties.store(output, "Titliel FIM Configuration");
}
FimLogger.info("Configuration saved to: {}", configFile);
} catch (IOException e) {
FimLogger.error("Failed to save configuration", e);
}
}
}
Usage Examples
package com.titliel.examples;
import com.titliel.fim.TitlielFileIntegrityMonitor;
import com.titliel.fim.MonitoringStatus;
import com.titliel.fim.IntegrityCheckResult;
import java.nio.file.Paths;
/**
* Example usage of Titliel File Integrity Monitor
*/
public class FimExample {
public static void main(String[] args) {
// Initialize FIM system
TitlielFileIntegrityMonitor fim = new TitlielFileIntegrityMonitor();
try {
// Get initial status
MonitoringStatus status = fim.getMonitoringStatus();
System.out.println("FIM Status: " + (status.isRunning() ? "RUNNING" : "STOPPED"));
System.out.println("Monitored paths: " + status.getMonitoredPaths());
System.out.println("Files in baseline: " + status.getFilesInBaseline());
// Add additional paths to monitor
fim.addMonitoredPath(Paths.get("/opt/myapp/config"));
fim.addMonitoredPath(Paths.get("/opt/myapp/logs"));
// Perform manual integrity check
IntegrityCheckResult result = fim.checkPathIntegrity(Paths.get("/etc"));
if (result.hasViolations()) {
System.out.println("Integrity violations found: " + result.getViolations().size());
result.getViolations().forEach(violation ->
System.out.println(" - " + violation.getDescription()));
}
// Keep the monitor running
Runtime.getRuntime().addShutdownHook(new Thread(fim::shutdown));
Thread.sleep(Long.MAX_VALUE);
} catch (Exception e) {
e.printStackTrace();
} finally {
fim.shutdown();
}
}
}
/**
* Spring Boot Integration
*/
@Component
public class FimSpringIntegration {
private final TitlielFileIntegrityMonitor fim;
public FimSpringIntegration() {
this.fim = new TitlielFileIntegrityMonitor();
}
@EventListener
public void onApplicationEvent(ContextRefreshedEvent event) {
// FIM is automatically started in constructor
MonitoringStatus status = fim.getMonitoringStatus();
if (!status.isRunning()) {
throw new IllegalStateException("FIM failed to start");
}
System.out.println("File Integrity Monitoring active");
System.out.println("Monitoring " + status.getMonitoredPaths() + " paths");
}
@PreDestroy
public void cleanup() {
fim.shutdown();
}
@Scheduled(fixedRate = 300000) // Every 5 minutes
public void performScheduledCheck() {
try {
IntegrityCheckResult result = fim.checkPathIntegrity(Paths.get("/etc"));
if (result.hasViolations()) {
// Send alert
sendIntegrityAlert(result);
}
} catch (Exception e) {
System.err.println("Scheduled integrity check failed: " + e.getMessage());
}
}
private void sendIntegrityAlert(IntegrityCheckResult result) {
// Implement alerting logic
System.out.println("ALERT: " + result.getViolations().size() + " integrity violations detected");
}
}
/**
* Docker Container Integration
*/
public class ContainerFimExample {
public static void main(String[] args) {
TitlielFileIntegrityMonitor fim = new TitlielFileIntegrityMonitor();
// Custom configuration for container environment
FimConfig config = FimConfig.getInstance();
config.setProperty("fim.monitor.system.paths", "false");
config.setProperty("fim.monitored.paths", "/app/config,/app/data");
config.setProperty("fim.auto.response.enabled", "true");
config.setProperty("fim.quarantine.enabled", "true");
try {
// Monitor application-specific paths
fim.addMonitoredPath(Paths.get("/app/config"));
fim.addMonitoredPath(Paths.get("/app/data"));
fim.addMonitoredPath(Paths.get("/app/logs"));
// Start application
startApplication();
// Keep FIM active
Runtime.getRuntime().addShutdownHook(new Thread(fim::shutdown));
Thread.sleep(Long.MAX_VALUE);
} catch (Exception e) {
e.printStackTrace();
fim.shutdown();
}
}
private static void startApplication() {
// Application startup logic
}
}
/**
* CI/CD Pipeline Integration
*/
class CICDIntegration {
public boolean performPreDeploymentCheck() {
TitlielFileIntegrityMonitor fim = new TitlielFileIntegrityMonitor();
try {
// Configure for pre-deployment check
FimConfig config = FimConfig.getInstance();
config.setProperty("fim.auto.baseline.update", "true");
config.setProperty("fim.check.interval", "60000"); // 1 minute
// Monitor deployment artifacts
fim.addMonitoredPath(Paths.get("/deployment/artifacts"));
fim.addMonitoredPath(Paths.get("/deployment/config"));
// Wait for any file changes during deployment
Thread.sleep(120000); // 2 minutes
// Check for unauthorized changes
IntegrityCheckResult result = fim.performIntegrityCheck();
if (result.hasViolations()) {
System.err.println("Deployment failed: Unauthorized file changes detected");
result.getViolations().forEach(violation ->
System.err.println(" - " + violation.getDescription()));
return false;
}
System.out.println("Deployment integrity check passed");
return true;
} catch (Exception e) {
System.err.println("Deployment check failed: " + e.getMessage());
return false;
} finally {
fim.shutdown();
}
}
}
Maven Dependencies
<dependencies> <!-- Core Java Dependencies --> <!-- Logging --> <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-api</artifactId> <version>2.0.7</version> </dependency> <dependency> <groupId>ch.qos.logback</groupId> <artifactId>logback-classic</artifactId> <version>1.4.8</version> </dependency> <!-- JSON Processing for Reports --> <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> <version>2.15.0</version> </dependency> <!-- Email Alerts --> <dependency> <groupId>com.sun.mail</groupId> <artifactId>javax.mail</artifactId> <version>1.6.2</version> <optional>true</optional> </dependency> <!-- HTTP Client for SIEM Integration --> <dependency> <groupId>org.apache.httpcomponents.client5</groupId> <artifactId>httpclient5</artifactId> <version>5.2.1</version> <optional>true</optional> </dependency> <!-- Spring Integration (Optional) --> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter</artifactId> <version>3.1.0</version> <optional>true</optional> </dependency> </dependencies>
Best Practices
1. Monitoring Strategy
- Monitor critical system paths and application directories
- Use multiple hash algorithms for stronger integrity verification
- Implement real-time monitoring combined with periodic checks
2. Performance Optimization
- Use efficient data structures for baseline storage
- Implement file exclusion patterns for temporary files
- Use threading for parallel integrity checks
3. Security Considerations
- Store baseline database securely with access controls
- Use cryptographically strong hash algorithms (SHA-256, SHA-512)
- Implement secure alerting channels
4. Incident Response
- Implement automated quarantine for suspicious files
- Maintain detailed audit trails for forensic analysis
- Integrate with SIEM and SOAR platforms
5. Compliance and Reporting
- Generate compliance reports for regulations (PCI DSS, HIPAA, etc.)
- Maintain change management records
- Implement tamper-evident logging
This Titliel File Integrity Monitoring implementation provides enterprise-grade file integrity monitoring with real-time detection, cryptographic verification, and advanced threat analysis capabilities.
Advanced Java Supply Chain Security, Kubernetes Hardening & Runtime Threat Detection
Sigstore Rekor in Java – https://macronepal.com/blog/sigstore-rekor-in-java/
Explains integrating Sigstore Rekor into Java systems to create a transparent, tamper-proof log of software signatures and metadata for verifying supply chain integrity.
Securing Java Applications with Chainguard Wolfi – https://macronepal.com/blog/securing-java-applications-with-chainguard-wolfi-a-comprehensive-guide/
Explains using Chainguard Wolfi minimal container images to reduce vulnerabilities and secure Java applications with hardened, lightweight runtime environments.
Cosign Image Signing in Java Complete Guide – https://macronepal.com/blog/cosign-image-signing-in-java-complete-guide/
Explains how to digitally sign container images using Cosign in Java-based workflows to ensure authenticity and prevent unauthorized modifications.
Secure Supply Chain Enforcement Kyverno Image Verification for Java Containers – https://macronepal.com/blog/secure-supply-chain-enforcement-kyverno-image-verification-for-java-containers/
Explains enforcing Kubernetes policies with Kyverno to verify container image signatures and ensure only trusted Java container images are deployed.
Pod Security Admission in Java Securing Kubernetes Deployments for JVM Applications – https://macronepal.com/blog/pod-security-admission-in-java-securing-kubernetes-deployments-for-jvm-applications/
Explains Kubernetes Pod Security Admission policies that enforce security rules like restricted privileges and safe configurations for Java workloads.
Securing Java Applications at Runtime Kubernetes Security Context – https://macronepal.com/blog/securing-java-applications-at-runtime-a-guide-to-kubernetes-security-context/
Explains how Kubernetes security contexts control runtime permissions, user IDs, and access rights for Java containers to improve isolation.
Process Anomaly Detection in Java Behavioral Monitoring – https://macronepal.com/blog/process-anomaly-detection-in-java-comprehensive-behavioral-monitoring-2/
Explains detecting abnormal runtime behavior in Java applications to identify potential security threats using process monitoring techniques.
Achieving Security Excellence CIS Benchmark Compliance for Java Applications – https://macronepal.com/blog/achieving-security-excellence-implementing-cis-benchmark-compliance-for-java-applications/
Explains applying CIS security benchmarks to Java environments to standardize hardening and improve overall system security posture.
Process Anomaly Detection in Java Behavioral Monitoring – https://macronepal.com/blog/process-anomaly-detection-in-java-comprehensive-behavioral-monitoring/
Explains behavioral monitoring of Java processes to detect anomalies and improve runtime security through continuous observation and analysis.