Monitor User & Group Changes
This option group of the policy monitors for specific user and group change events.
| Option | Description |
|---|---|
| Monitor User Configuration Changes | This option detects user configuration changes, such as user creation, user deletion, password change, ID change, maximum days of account inactivity, and so on. |
| Monitor Group Configuration Changes | This option detects group configuration changes, such as group creation, group deletion, membership changes, and so on. |
| Monitor Changes to Superusers | This option detects Superuser configuration changes, such as Superuser/group creation, addition of user/group to Superuser group, and so on. |
The Unix_Baseline_Detection_Basic policy lets you specify only the high-level options required for basic baseline monitoring. If you want to configure the granular options, use the Unix_Baseline_Detection_Advanced policy.
For example, the Unix_Baseline_Detection_Basic policy by default detects user creation, user deletion, password change, ID change, maximum days of account inactivity, and so on. If you do not want the policy to detect a specific parameter, such as ID change or maximum days of account inactivity, you can use the Unix_Baseline_Detection_Advanced policy. The Unix_Baseline_Detection_Advanced policy allows you to configure each option individually.
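To make the three option categories concrete, the following added example (not the product's code or detection logic) diffs a baseline and a current snapshot in passwd(5)/group(5) format and labels each change as a user, group, or superuser event. The snapshot contents, the `SUPER_GROUPS` set, and the rule that UID 0 or membership in those groups means superuser are assumptions made for illustration; password and inactivity changes are not covered here.

```python
# Added illustration: snapshot diffing, not the product's detection logic.
# All records below are constructed sample data in passwd(5)/group(5) format.
BASE_PASSWD = "root:x:0:0::/root:/bin/sh\nalice:x:1001:1001::/home/alice:/bin/sh\nbob:x:1002:1002::/home/bob:/bin/sh\n"
CUR_PASSWD = "root:x:0:0::/root:/bin/sh\nalice:x:0:1001::/home/alice:/bin/sh\ncarol:x:1003:1003::/home/carol:/bin/sh\n"
BASE_GROUP = "wheel:x:10:root\ndevs:x:2000:alice,bob\n"
CUR_GROUP = "wheel:x:10:root,carol\ndevs:x:2000:alice\n"
SUPER_GROUPS = {"wheel", "sudo"}  # assumption: groups that confer superuser rights


def parse(text):
    """Map each record's name (first field) to its colon-separated fields."""
    rows = [ln.split(":") for ln in text.splitlines() if ln.strip()]
    return {r[0]: r for r in rows}


def members(record):
    """Member names from the fourth field of a group(5) record."""
    return {m for m in record[3].split(",") if m}


def diff_users(base, cur):
    """Events for user creation, deletion and ID change; new UID 0 is a superuser event."""
    b, c, events = parse(base), parse(cur), []
    events += [("user", f"created {n}") for n in sorted(c.keys() - b.keys())]
    events += [("user", f"deleted {n}") for n in sorted(b.keys() - c.keys())]
    for n in sorted(b.keys() & c.keys()):
        if b[n][2] != c[n][2]:
            events.append(("user", f"ID change {n}: {b[n][2]} -> {c[n][2]}"))
    for n in sorted(c):
        if c[n][2] == "0" and (n not in b or b[n][2] != "0"):
            events.append(("superuser", f"{n} now has UID 0"))
    return events


def diff_groups(base, cur):
    """Events for group creation, deletion and membership changes."""
    b, c, events = parse(base), parse(cur), []
    events += [("group", f"created {n}") for n in sorted(c.keys() - b.keys())]
    events += [("group", f"deleted {n}") for n in sorted(b.keys() - c.keys())]
    for n in sorted(b.keys() & c.keys()):
        cat = "superuser" if n in SUPER_GROUPS else "group"
        old, new = members(b[n]), members(c[n])
        events += [(cat, f"{m} added to {n}") for m in sorted(new - old)]
        events += [(cat, f"{m} removed from {n}") for m in sorted(old - new)]
    return events


if __name__ == "__main__":
    for category, detail in diff_users(BASE_PASSWD, CUR_PASSWD) + diff_groups(BASE_GROUP, CUR_GROUP):
        print(f"[{category}] {detail}")
```
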