Linux
Version: Centos/ RHEL 7 and later, Ubuntu 18 and later, Amazon Linux 2, Oracle Linux 7 and later.
Linux is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel. An operating system is software that manages all the hardware resources associated with your desktop or laptop.
Netsurion Open XDR manages logs retrieved from Linux. The alerts, reports, dashboards, and saved searches in Netsurion Open XDR are enhanced by capturing important and critical activities in Linux.
The following are the key assets included with this Data Source Integration.
Alerts
| Type | Name | Description |
|---|---|---|
| Security | Linux – User or group deleted | Generated when a user or group has been deleted. |
| Security | Linux – Code injection by ld.so preload detected | Generated when any code injection by dynamic linkers like ld.so.preload is detected. |
| Security | Linux – Interactive terminal spawned | Generated when someone spawned interactive shell using scripts. |
| Security | Linux – Potential disabling of SELinux detected | Generated when someone disabled the SElinux configuration. |
| Security | Linux – Suspicious process activity detected | Generated when someone executed suspicious commands related to network. |
| Security | Linux – Sensitive files compression detected | Generated when someone compressed critical configuration files like ssh key files, bash files, and more. |
| Security | Linux – Sudoers configuration file changed or modified | Generated when a sudoers configuration file is modified. |
| Security | Linux – Symlink to critical system configuration files detected | Generated when someone linked critical configuration files like passwd, sudoers, and more. |
| Security | Linux – Command history cleared | Generated when command history has been deleted in the host. |
Reports
| Type | Name | Description |
|---|---|---|
| Compliance | Linux – Login and logout activities | Provides details about all login and log out activities and their status. |
| Compliance | Linux – User and group management | Provides details about all user and group management activities such as add user, delete user, change user permission, and more. |
| Operational | Linux – User Command execution | Provides details about all command execution activity by a user. |
| Operational | Linux – Root activities | Provides details about all root level commands status and related information such as a username, command, and more. |
Dashboards
| Type | Name | Description |
|---|---|---|
| Security | Linux – Login by geo location | Displays the geo location of the login event. |
| Compliance | Linux – Critical root activities | Displays the data about critical root activities. |
| Compliance | Linux – Login activities by source IP | Displays the data about all login related activities by source IP. |
| Compliance | Linux – User management activities | Displays the data about user related activities by username. |
Saved Searches
| Type | Name | Description |
|---|---|---|
| Security | Linux – Sudoers configuration file modification | Provides details when someone tries to change the configuration in sudoers file. |
| Security | Linux – User password modification | Provides details about user password change activities. |
| Compliance | Linux – Login and logout activities | Provides detailed overview of user login and logout activities. |
| Compliance | Linux – User and group management | Provides detailed overview of activities performed by any user, such as add user, delete user, group add, group delete, and more. |
| Operational | Linux – Root activities | Provides details about all root activities performed on Linux. |
| Operational | Linux – User command execution | Provides detailed overview of commands that were executed in user shell. |
Documentation
The configuration details are consistent with Netsurion Open XDR 9.3 and later, andLinux.
Download the Integration Guide for configuration instructions and more information.