In Linux and UNIX environment, Change Guardian monitors the following:
Configuration files
Local and exported file systems
File integrity
Users and groups
Mounts
Processes
CRON jobs
This section provides the following information:
The following table provides an overview of the tasks required for Change Guardian to start monitoring Linux and UNIX events:
Task |
See |
---|---|
Complete the prerequisites |
|
Add a license key |
|
Configure Change Guardian for monitoring |
|
Triage events |
You can triage events in the Change Guardian dashboard and the Administration Console. |
Ensure that you have completed the following:
Install the Security Agent for UNIX. For more information, Security Agent for UNIX documentation.
You can create polices to monitor the following:
Configuration Files Policies for changing hostname resolution and process startup configuration.
CRON Policies for monitor accessing CRON job, and changing CROS task execution.
Exported File System Policies to monitor list exported file system
File Integrity Policies to monitor Security Agent for UNIX configuration and system message of the day.
File System Policies to monitor bash shell startup configuration.
Groups Policies to monitor inbuilt groups
Mount Policies to monitor CD-ROM mounts
Process/Daemons Policies to monitor system background processes, and execution of su and sudo commands.
Users Policies to monitor builtin users.
For information about creating policies, see Creating Change Guardian Policies.
After creating policies, you can assign them to assets. For information about assigning policies, see Working with Policies.