Proofpoint | ObserveIT On-Premises Insider Threat Management
System Tampering
System Tampering (Unix/Linux)
The following out-of-the-box alert rules are assigned to the (Unix/Linux) Category: SYSTEM TAMPERING.
| ALERT RULE | Description |
|---|---|
| Editing network configuration files | An alert is triggered upon trying to edit network configuration files. |
| Editing sensitive system configuration files | An alert is triggered upon running editing tools in order to view or modify sensitive configuration files located under the /ETC directory. |
| Editing the SSH or SSHD configuration files | An alert is triggered when an SSH or SSHD configuration file is edited. |
| Prevent access to ObserveIT protection policy files | An alert is triggered upon trying to manipulate (READ/WRITE) ObserveIT internal protection policy files. This rule is an example of a Prevent Rule on executing a command with specific arguments. This rule will not trigger any alert until it is activated. |