Your browser does not allow storing cookies. We recommend enabling them.


Automatically Detected Changes in Managed Files

The Management Agent keeps track of all centrally managed Tectia-related files on the host. The Management Agent tracks the files on each Tectia application separately so that all managed files of an application form one set of files. If any one of these files is modified locally, the system will notice it and the Management Agent reports it to the Management Server. The changed configurations are marked in red in the Configurations → View Configurations view.

Any further configuration updates on the application will be disabled, unless an administrator explicitly allows overwriting of the local changes.

The managed file change detection is used for the following purposes:

  • To prevent accidental configuration overwrites. If the centrally managed configuration is somehow non-functional on a host, the administrator might fix the problem by making local configuration modifications to the configuration files. The next time the centrally managed configuration is deployed, the file change detection notices the local changes and refuses to overwrite changes without an explicit request from the Management Server administrator.

  • To collect information on hosts which have local configuration modifications. The Management Agent checks the status of the managed files periodically and during the configuration deployment. If the configurations have been modified, the Management Agent sends a notification to the Management Server, and the configuration status is updated in the host view dialogs.

  • To detect possible security breaches due to local changes on managed hosts. The periodic file status checking detects all locally modified configuration files and reports them to the Management Server.

The managed file change detection is implemented in the Management Agent with some help from the Management Server. The Management Agent computes an SHA-1 hash digest over each centrally managed file that is deployed to a host. The SHA-1 digests and the file permissions are stored in local information files on the host. Each application has its own information file containing information about its centrally managed files. The file change detection is implemented by tracking the content of the files and their permissions. It does not depend on the file modification times nor user or group IDs.

When a new configuration is deployed to the host, the Management Agent first checks the status of the existing files. If the files have not been modified, the configuration is deployed normally. If any of the old files have been modified, the configuration deployment operation is cancelled and an error is reported to the Management Server. The error message contains information about the locally changed files including the names of the first 10 modified files.

The local changes can be overwritten with an explicit request from the Management Server. In this case, a backup copy of each locally modified file is saved as filename.orig before the file is overwritten. Note that the system keeps only one backup copy of each file.

File change detection also detects if someone has modified the information file of the Management Agent on a host. When a configuration is deployed to a host, the Management Agent computes an SHA-1 hash digest over its information file. The hash digest is stored on the Management Server and it is returned to the Management Agent on each configuration deployment. Therefore, even if someone managed to change a file and the Management Agent information file, this will be detected when a new configuration is deployed to the host.




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now