Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Monitoring Root Account on Linux Server

10061987
Engager
‎10-30-2023 01:07 AM

Hi all,

I have a case about monitoring Linux servers. Here what i am trying to do. I am not sure this is possible or not but i have to do these things with possibilities because System Staff wanted these from me.

1-Root SSH access enabled servers --> Need Help

2-When someone changed sudoers file --> Done.

3-Root password change --> Done.

4-Users who have "0" ID except root --> Need Help

 

I did some steps but i need help about 2 step. Any help would be appreciated!

Labels (1)
Labels
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎11-02-2023 06:38 AM
Hi
what you already have in those servers?
- UF
- some Unix/Linux TAs
- what kind of data it is collection
- what logs it's collecting
- how and in which user your UF is running (shouldn't run as root).
r. Ismo
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

How to find the worst searches in your Splunk environment and how to fix them

Everyone knows Splunk is a powerful platform for running searches and doing data analytics. Your ...

Share Your Feedback: On Admin Config Service (ACS)!

Help Us Build a Better Admin Config Service Experience (ACS)   We Want Your Feedback on Admin Config Service ...