Identity Theft

Identity Theft (Unix/Linux)

The following out-of-the-box alert rules are assigned to the (Unix/Linux) Category: IDENTITY THEFT.

| Alert Rule | Description |
| --- | --- |
| Changing own password by currently logged-in user | An alert is triggered on an attempt to change the password of the currently logged-in user (using the passwd command), potentially to steal that user's identity. |
| Copying or viewing SSH keys | An alert is triggered when the SSH key files of another user are copied or viewed in order to steal that user's identity. |