The present disclosure relates to file system compliance checking, and more particularly a method for scanning a file system using feedforward profiling and scheduling with feedback for individual and adaptive throttling.
Security compliance rules are defined to keep systems secure. Hosting services/ops center providers must guarantee compliance to rules in order to meet contractual obligations. To ensure compliance, a (full) file system scan and analysis must be conducted, and violations must be remediated in a timely fashion.
Existing approaches to file system scanning use a monolithic architecture where scanning and checking are intermixed in same scripts with limited control on performance perturbation in the production system. For example, a checking operation can occupy locks on file inodes preventing other software (in particular client business applications) from accessing the same files. As a result, only partial scanning is possible leading to undetected violations.