IT Sabotage
IT Sabotage (Unix/Linux)
The following out-of-the-box alert rules are assigned to the (Unix/Linux) Category: IT SABOTAGE.
| ALERT RULE | Description |
|---|---|
| Deleting a local user | An alert is triggered upon deleting a local user, whether a regular user or a superuser, using the USERDEL command. |
| Deleting files from sensitive directory | An alert is triggered upon trying to delete (via the RM command) files from within a sensitive directory, which could jeopardize system stability or result in data loss. |
| Overwriting files using SFTP or SCP in sensitive configuration directories | An alert is triggered upon running the PUT command of SFTP or SCP to copy files to a remote sensitive configuration directory. |
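The three rules above, expressed as detection logic run over a constructed command log (added example, not the product's own rule engine). The sensitive-directory list, the `user=... cmd="..."` log format and the assumption that an SFTP session's interactive `put` is logged as its own command line are all assumptions for illustration.

```python
import shlex
# Assumed sensitive directories; the page does not list the product's own set.
SENSITIVE_DIRS = ("/etc", "/boot", "/usr/lib", "/var/lib")
RULE_USERDEL = "Deleting a local user"
RULE_RM = "Deleting files from sensitive directory"
RULE_PUT = "Overwriting files using SFTP or SCP in sensitive configuration directories"

# Constructed command log (user=<name> cmd="<command line>"); assumes an SFTP 'put' is logged as its own line.
SAMPLE_LOG = [
    'user=bob cmd="/usr/sbin/userdel -r charlie"',
    'user=bob cmd="rm -rf /etc/ssh/sshd_config.d"',
    'user=dave cmd="scp ./sshd_config root@host1:/etc/ssh/sshd_config"',
    'user=erin cmd="put ./libpam.so /usr/lib/libpam.so"',
    'user=frank cmd="scp backup.tar.gz frank@host2:/home/frank/"',
]

def under_sensitive(path: str) -> bool:
    """True when path is a sensitive directory or lies under one (component boundary: /etcetera is not /etc)."""
    return any(path == d or path.startswith(d + "/") for d in SENSITIVE_DIRS)

def classify_command(cmdline: str) -> "str | None":
    """Map one command line to the IT Sabotage rule it matches, or None."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:
        argv = []                                      # unbalanced quotes: nothing to classify
    prog = argv[0].rsplit("/", 1)[-1] if argv else ""  # tolerate absolute paths such as /usr/sbin/userdel
    operands = [a for a in argv[1:] if not a.startswith("-")]
    if prog == "userdel" and operands:
        return RULE_USERDEL
    if prog == "rm" and any(under_sensitive(p) for p in operands):
        return RULE_RM
    if prog == "scp":                                  # remote operand looks like [user@]host:/path
        remote = [p.split(":", 1)[1] for p in operands if ":" in p and not p.startswith("/")]
        if any(under_sensitive(r) for r in remote):
            return RULE_PUT
    if prog == "put" and len(operands) == 2 and under_sensitive(operands[1]):  # sftp: put <local> <remote>
        return RULE_PUT
    return None

def scan_log(lines: list) -> list:
    """Return (user, rule) pairs for every log line whose command matches a rule."""
    hits = []
    for line in lines:
        fields = dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)
        rule = classify_command(fields.get("cmd", ""))
        if rule:
            hits.append((fields.get("user", "?"), rule))
    return hits
```

Matching on the path-component boundary and stripping option flags before inspecting operands are what keep `rm /etcetera/notes` and `scp -P 22 ...` from producing false positives.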