Linux OS

Once Linux is configured to deliver events to EventTracker Manager alerts, dashboards, and reports can be configured into EventTracker.

Alerts

Linux - A user or group has been deleted: This alert is triggered when a user or a group is removed or deleted from Linux system.
Linux - A user password has been changed or modified: This alert is triggered when password is changed for any user.
Linux - Console login failed: This alert is triggered when a user fails to successfully login into Linux system.
Linux - Sudoers configuration file has been changed or modified: This alert is triggered when someone tries to change or modify the configuration of sudoers file.

Reports

Linux - Console login failed: This report contains a detailed overview of events associated to failed login by users into Linux system. This includes, current user, parent user, event datetime, terminal and operation status.

Reports

Linux - User command execution activities: This report contains a detailed overview of commands that were executed in user shell. This includes, executed command, shell user, parent user, log datetime, and operation status.
Linux - Console login and logout activities: This report contains a detailed overview of user login and logout activities. This includes, shell user, parent user, log datetime, and operation status.
Linux - Mount and Unmount activities: This report contains a detailed overview of device/drive mount or unmount activities into Linux system. This includes, shell user, parent user, log datetime, and operation status.
Linux - Root Shell Command Execution activities: This report contains a detailed overview of commands executed in root shell. This includes, executed command, shell user, parent user, log datetime, and operation status.
Linux - Sudo commands execution activities: This report contains a detailed overview of commands executed by elevating user privilege, i.e. ‘sudo’. This includes, executed command, shell user, parent user, and log datetime.
Linux – File Monitoring: This report contains a detailed overview of activities associated with file monitoring such as, file read, file delete, file create, etc. This includes, username, event datetime, filepath, filename, status, etc.

Reports

Linux - User Management: This report contains a detailed overview of activities performed by any user, such as, user add, user delete, user password change, etc. This includes, shell user, parent user, and log datetime, and operation status.
Linux - Group Management: This report contains a detailed overview of activities performed by any user, such as, group add, group delete, etc. This includes, shell user, parent user, and log datetime, and operation status.
Linux - Package Management: This report contains a detailed overview of activities related to software/package install, remove, or update. This includes, shell user, parent user, and log datetime, application/package name, and operation status.

The configuration details are consistent with EventTracker version 9.2 and later, and Linux (Red Hat/Cent OS version 7.0 and later).

To configure Linux to send logs to EventTracker, refer to the How-to Guide.

For more information please refer to the Integration guide.