When the checksums are done by the filesystem, like zfs or btrfs, they are done block by block, not by file, when done by for example file integrity plugin they are done file by file, and they are always the same size, and very small, they fit in the extended attributes.
There are various way, I for example use snapshots, they are read-only and cannot be modified by those kind of attacks.