File-Change Detection or Integrity Monitoring Systems
Pretty much the only thing left to do is to make sure that our data is not being changed without our prior knowledge or consent. We can do this on our systems by using what is known as File-Change Detection or Integrity Monitoring Systems. They are very common server-side but also important to consider for your personal systems. These applications/services work by monitoring specified files or directories on your system for any read access or modification. So if we had a system like this configured on our server and someone were to break into it without our permission, we could be alerted by email when certain files were accessed or changed. This would give us a heads up that one of our systems has been compromised.
I am not really an expert in using these types of tools but I have done a bit of reading on them and have found two popular ones that you can do your own research into.
- OSSEC - https://www.ossec.net/
- Tripwire - https://www.tripwire.com/solutions/file-integrity-and-change-monitoring/
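To make the idea concrete, here is a small added example (my own illustration, not code from OSSEC or Tripwire) of the core mechanism these tools share: record a baseline of content hashes and ownership/permission metadata for every file under a directory, then compare a fresh scan against it to report files that were added, removed, or modified. The directory layout and file names used in the comments are made up for the demonstration.

```python
"""Minimal file-integrity baseline/compare, illustrating what OSSEC/Tripwire do."""
import hashlib
import stat
from pathlib import Path


def _fingerprint(path: Path) -> dict:
    """SHA-256 of the contents plus the metadata a tampering check should also watch."""
    st = path.lstat()
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"sha256": h.hexdigest(), "mode": stat.S_IMODE(st.st_mode),
            "uid": st.st_uid, "gid": st.st_gid, "size": st.st_size}


def build_baseline(root: str) -> dict:
    """Walk root and record a fingerprint for every regular file (symlinks skipped)."""
    baseline = {}
    for p in sorted(Path(root).rglob("*")):
        if not p.is_symlink() and p.is_file():
            baseline[str(p.relative_to(root))] = _fingerprint(p)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Report added, removed and modified files; 'modified' lists which attributes differ.

    A mode/uid/gid change with an unchanged hash is still reported, because a
    suddenly world-writable or setuid file is a classic sign of tampering.
    """
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = {}
    for name in set(baseline) & set(current):
        diff = [k for k in baseline[name] if baseline[name][k] != current[name][k]]
        if diff:
            modified[name] = diff
    return {"added": added, "removed": removed, "modified": modified}


if __name__ == "__main__":
    import json
    import sys
    # Usage: fim.py baseline DIR > baseline.json   |   fim.py check DIR baseline.json
    cmd, root = sys.argv[1], sys.argv[2]
    if cmd == "baseline":
        print(json.dumps(build_baseline(root), indent=1))
    else:
        with open(sys.argv[3]) as f:
            print(json.dumps(compare(json.load(f), build_baseline(root)), indent=1))
```

The baseline only proves anything if it is taken from a known-good state and kept somewhere the monitored host cannot rewrite it (read-only media or a separate log host); an intruder with root on the box can otherwise simply re-baseline after making changes, which is why the real tools ship the baseline and alerts off-host.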
As a side note, I have a friend who has developed a rootkit that is able to bypass OSSEC in its default state on Debian 7. I am unsure whether this works on a Debian 8 system but can confirm that it is NOT streamlined for any other OS. The reality is that even with File-Change Detection Systems, it is still possible to completely roll your system onto its back if someone is experienced enough. Nonetheless, adding these security measures into your setup isn’t a bad thing and will only work to increase the security you have.
For further reading see: