Installing File Integrity Monitoring on BOSH Director

This topic describes how to install Pivotal File Integrity Monitoring (FIM) on BOSH Director.

When you install the FIM tile using Pivotal Operations Manager, FIM does not monitor the files on your BOSH Director. To apply FIM to the BOSH Director VM, follow the procedures below.

Prerequisites

Before you install FIM, you must have:

  • A Pivotal Platform operator user account with admin rights. See Pivotal Platform Operators.

  • Pivotal Operations Manager v2.5 or later.

  • A web server accessible from Ops Manager to serve the FIM binary.

Install FIM

To install FIM on your BOSH Director:

  1. Download the FIM tile from Pivotal Network.

  2. Untar the FIM tile by running:

    tar zxvf p-fim-X.X.X.pivotal -C PATH-TO-UNTAR
    

    For example:

    $ tar zxvf p-fim-2.0.0.pivotal -C /tmp
    
  3. Find and record the SHA checksum for the binary file by running:

    shasum PATH-TO-UNTAR/releases/fim-X.X.X.tgz
    

    For example:

    $ shasum /tmp/releases/fim-2.0.0.tgz
    5edf5fd2f9bf8e876b6bdc871e53b5db97593b21 fim-2.0.0.tgz
    
  4. Copy the binary file to your web server.

  5. Add FIM to BOSH Director by running:

    om \
    -t OPS-MANAGER-URL \
    -u OPS-MANAGER-USERNAME \
    -p OPS-MANAGER-PASSWORD \
    curl -p "/api/v0/staged/director/manifest_operations/add_job_to_instance_group" \
    -x POST \
    -H "Content-Type: application/json" \
    -d '{
            "add_job_to_instance_group": {
              "instance_group": "bosh",
              "job_name": "fim",
              "release_name": "fim",
              "release_url": "FIM-BINARY-URL",
              "release_sha1": "FIM-SHA1",
              "job_properties": {"fim": {}}
            }
        }'
    

    Where:

    • FIM-BINARY-URL is the URL to the binary file on your web server.
    • FIM-SHA1 is the SHA checksum for the binary file that you recorded in step 3.

    The output of the above command looks similar to the following:

    Status: 201 Created
    Cache-Control: no-cache, no-store
    Connection: keep-alive
    Content-Type: application/json; charset=utf-8
    Date: Mon, 04 Nov 2019 17:09:08 GMT
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Pragma: no-cache
    Referrer-Policy: strict-origin-when-cross-origin
    Server: Ops Manager
    Strict-Transport-Security: max-age=31536000; includeSubDomains
    X-Content-Type-Options: nosniff
    X-Download-Options: noopen
    X-Frame-Options: SAMEORIGIN
    X-Permitted-Cross-Domain-Policies: none
    X-Request-Id: 7d961c91-b7d6-428c-a68d-c36c9059f7f9
    X-Runtime: 0.220906
    X-Xss-Protection: 1; mode=block
    {
      "add_job_to_instance_group": {
        "instance_group": "bosh",
        "job_name": "fim",
        "release_name": "fim",
        "release_url": "http://localhost:4567/fim-1.5.0.tgz",
        "release_sha1": "15c52a9e56ca8e796dd61b55a48d962e2f4e763b",
        "job_properties": {
          "fim": {}
        },
        "guid": "op-653b1111a60a",
        "product_guid": "p-bosh-eb686414b9fa37183507"
      }
    }
    
  6. Record the value of guid in the above output. If you want to delete FIM from BOSH Director, you need this value.

  7. Navigate to the Installation Dashboard in Ops Manager.

  8. Click Review Pending Changes.

  9. Select BOSH Director. Do not select any other checkbox.

  10. Click Apply Changes.
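
The following script is an added example, not part of the original Pivotal documentation. It checks a copy of the release fetched back from your web server against the checksum recorded in step 3, then builds the step 5 request body with release_sha1 computed from that file. The function names and the script's argument order are hypothetical.

```shell
#!/bin/sh
# Added example (not Pivotal code). Function names are hypothetical.

# Print the SHA-1 hex digest of a file. Reads via stdin so the file name
# never appears in (or alters) the tool's output.
sha1_of() (
  [ -r "$1" ] || exit 2
  if command -v sha1sum >/dev/null 2>&1; then
    sha1sum < "$1"
  else
    shasum < "$1"
  fi | awk '{print $1}'
)

# Succeed only if FILE hashes to the checksum recorded in step 3.
verify_release() (
  actual="$(sha1_of "$1")" || exit 2
  expected="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')"
  [ -n "$actual" ] && [ "$actual" = "$expected" ]
)

# Print the step 5 request body, with release_sha1 computed from FILE
# rather than pasted by hand.
fim_payload() (
  case "$2" in *\"*|*\\*) exit 2 ;; esac   # would break the JSON string
  sha="$(sha1_of "$1")" || exit 2
  printf '{"add_job_to_instance_group":{"instance_group":"bosh",'
  printf '"job_name":"fim","release_name":"fim",'
  printf '"release_url":"%s","release_sha1":"%s",' "$2" "$sha"
  printf '"job_properties":{"fim":{}}}}\n'
)

# Usage: sh fim_payload.sh SERVED-COPY RECORDED-SHA1 FIM-BINARY-URL
if [ "$#" -eq 3 ]; then
  verify_release "$1" "$2" || {
    echo "checksum mismatch: do not stage this release" >&2
    exit 1
  }
  fim_payload "$1" "$3"
fi
```

The printed JSON can be passed to the -d option of the om curl command in step 5.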

Verify FIM Installation

To verify that FIM is running on your BOSH Director:

  1. SSH into the BOSH Director VM. For instructions, see SSH Into the BOSH Director VM.

  2. View the status of processes running on BOSH Director by running:

    sudo monit summary
    

    For example:

    bosh/0:~$ sudo monit summary
    The Monit daemon 5.2.5 uptime: 4m
    
    Process 'system-metrics-server'     running
    Process 'nats'                      running
    Process 'postgres'                  running
    Process 'director'                  running
    Process 'worker_1'                  running
    Process 'worker_2'                  running
    Process 'worker_3'                  running
    Process 'director_scheduler'        running
    Process 'director_sync_dns'         running
    Process 'director_nginx'            running
    Process 'health_monitor'            running
    Process 'uaa'                       running
    Process 'credhub'                   running
    Process 'blobstore_nginx'           running
    Process 'fim'                       running
    System 'system_localhost'           running
    
  3. Confirm that fim is present in the above output.

Uninstall FIM

To uninstall FIM from your BOSH Director:

  1. Uninstall FIM by running:

    om \
    -t OPS-MANAGER-URL \
    -u OPS-MANAGER-USERNAME \
    -p OPS-MANAGER-PASSWORD \
    curl -p "/api/v0/staged/director/manifest_operations/add_job_to_instance_group/FIM-GUID" \
    -x DELETE
    

    Where FIM-GUID is the value of guid you recorded in Install FIM above.