Your browser does not allow storing cookies. We recommend enabling them.


Automatically Detected Changes in Managed Files

The Management Agent keeps track of all centrally managed Tectia-related files on the host. The Management Agent tracks the files on each Tectia application separately so that all managed files of an application form one set of files. If any one of these files is modified locally, the system will notice it and the Management Agent reports it to the Management Server. The changed configurations are marked in red in the Configurations → View Configurations view.

Any further configuration updates on the application will be disabled, unless an administrator explicitly allows overwriting of the local changes.

The managed file change detection is used for the following purposes:

  • To prevent accidental configuration overwrites. If the centrally managed configuration is somehow non-functional on a host, the administrator might fix the problem by making local configuration modifications to the configuration files. The next time the centrally managed configuration is deployed, the file change detection notices the local changes and refuses to overwrite changes without an explicit request from the Management Server administrator.

  • To collect information on hosts which have local configuration modifications. The Management Agent checks the status of the managed files periodically and during the configuration deployment. If the configurations have been modified, the Management Agent sends a notification to the Management Server, and the configuration status is updated in the host view dialogs.

  • To detect possible security breaches due to local changes on managed hosts. The periodic file status checking detects all locally modified configuration files and reports them to the Management Server.

The managed file change detection is implemented in the Management Agent with some help from the Management Server. The Management Agent computes an SHA-1 hash digest over each centrally managed file that is deployed to a host. The SHA-1 digests and the file permissions are stored in local information files on the host. Each application has its own information file containing information about its centrally managed files. The file change detection is implemented by tracking the content of the files and their permissions. It does not depend on the file modification times nor user or group IDs.

When a new configuration is deployed to the host, the Management Agent first checks the status of the existing files. If the files have not been modified, the configuration is deployed normally. If any of the old files have been modified, the configuration deployment operation is cancelled and an error is reported to the Management Server. The error message contains information about the locally changed files including the names of the first 10 modified files.

The local changes can be overwritten with an explicit request from the Management Server. In this case, a backup copy of each locally modified file is saved as filename.orig before the file is overwritten. Note that the system keeps only one backup copy of each file.

File change detection also detects if someone has modified the information file of the Management Agent on a host. When a configuration is deployed to a host, the Management Agent computes an SHA-1 hash digest over its information file. The hash digest is stored on the Management Server and it is returned to the Management Agent on each configuration deployment. Therefore, even if someone managed to change a file and the Management Agent information file, this will be detected when a new configuration is deployed to the host.


Highlights from the SSH.COM blog:

  • Cryptomining with the SSH protocol: what big enterprises need to know about it

    Cryptomining malware is primarily thought of as targeting desktops and laptops and is used to hijack system resources to mine cryptocurrency.
    Read more
  • SLAM the door shut on traditional privileged access management

    Did you know that something as trivial-sounding as granting access for your developers or third parties to a product development environment can throw a gorilla-sized monkey wrench into your operations and productivity?
    Read more
  • We broke the IT security perimeter

    Everyone understands the concept of a security perimeter. You only gain access if you are identified and authorized to do so.
    Read more