No matter if you’re running a linux environment on premise or in a cloud instance using any distribution (i. e. Ubuntu, Centos, RHEL or something else), you want to know if something has been touched.

CodeNotary allows you exactly that in the most simple way and the verification counterpart is even stored safely outside of your environment.

The following blog post covers the notarization of the /etc directory where configuration files are typically stored and the automatic authentication whenever you log in.

We cover:

  • Install vcn
  • Notarize file or folder
  • change your bash profile to authenticate whenever logging in
  • some example

Install vcn

There are plenty of different ways to install the vcn Command line tool. And of course you can build it yourself. The GitHub repository can be found here:

and the latest release:

If you want a quick installation (Linux, MacOS), you can also use our installation script:

bash <(curl -L)

You can check our manual or simply type vcn help

Notarize file or folder

As vcn is installed and running we can notarize the folder or files we like to verify everytime we log in. These could be:

  • configuration files (Apache, NGINX, Firewall services, Sudoers files and much more)
  • folders containing configuration files
  • file or folders that should never change unnoticed

Make sure you have a free CodeNotary account, so you can notarize and only check for your own digital objects.

The notarization of the /etc folder

Tip: Depending on the installation, you might need to use sudo!

# first login with your CodeNotary account credentials
vcn login

# Notarize /etc - dir:// acts on the whole folder or directory
# type your password when requested
vcn n dir:///etc 

Folder protection using CodeNotary

Notarize /etc as a folder

That’s already it and you can easily double check in your dashboard or by simply typing vcn a dir:///etc if all worked.

dashboard to check the notarization

check the notarization details

In case you simply want to check one or some files, you can use vcn n /path/file without the dir://.

Change your bash profile to authenticate whenever logging in

Instead of authenticate or verify the configuration folder /etc everytime we log in, we want to do that in an automatic way. This example is simple but could be enhanced very easily to secure the environment even more.

Change your local profile: nano ~/.profile and add the following lines:

# calculate the SHA256 checksum of vcn (check the path vcn is installed
# /usr/bin/vcn or /usr/local/bin and change accordingly
CHECKSUM=$(sha256sum /usr/local/bin/vcn | cut -d " " -f 1)

# check if the vendor notarized vcn
# of course you can notarize yourself and check against your identity as well
curl -s$CHECKSUM? | grep -q :0

# error if the curl command failed and vcn could not be authenticated
test $? -eq 0 || echo "VCN Authenticate: FAILED"

# use vcn to authenticate /etc and check against the blockchain
# make sure to change 0x000000000 to your signer key (vcn info)
vcn a dir:///etc -s 0x000000000

# error if vcn could not authenticate /etc
test $? -eq 0 || echo "VCN Auth /etc: FAILED"

Save the file and the next login is already checking the /etc folder.

Some example

Nothing changed since the notarization took place:

no changed in /etc detected

After changing the /etc/sudoers file

the change is automatically being detected


As you could see its so easy and straightforward to use CodeNotary to protect your directories or folders. That works for Linux, MacOS and of course Windows as well (we’re covering Microsoft Windows another time).

Metrics and Logs

(formerly, Opvizor Performance Analyzer)

VMware vSphere & Cloud

Monitor and Analyze Performance and Log files:
Performance monitoring for your systems and applications with log analysis (tamperproof using immudb) and license compliance (RedHat, Oracle, SAP and more) in one virtual appliance!

Subscribe to Our Newsletter

Get the latest product updates, company news, and special offers delivered right to your inbox.
Share on twitter
Share on linkedin
Share on facebook
Share on email

Subscribe to our newsletter

White Paper — Registration

We will send you the research paper via email.

CodeNotary — Webinar

White Paper — Registration

Please let us know who you are, so we can send you the CodeNotary Trusted Software Supply Chain white paper.

Become a partner

Start Your Trial

Please enter contact information to receive an email with the virtual appliance download instructions.

Start Free Trial

Please enter contact information to receive an email with the free trial details.