System Hardening Monitor
This option group detects changes to user-configurable files that are considered sensitive in maintaining the security posture of the operating system. It detects modifications to the system configuration that change whether code runs automatically during system startup. This behavior is normal if an administrator needs to change autorun behavior. If unexpected, it can indicate that the system is being prepared to operate outside established security policy, or that it is about to be compromised.
Various areas are monitored to generate events for the administrator if either of the following entities changes any of the selected values:
- Malware
- A malicious individual attempting to lower the security posture of the host system

| Parameter | Description |
|---|---|
| Option Path | System Hardening Monitor > System Auto Start Change Options |
| Option | Daemon Run Level RC.D Monitor |
| Rule Name | AutoStart_RC.D_Monitor |
| Severity | Warning |
| File Paths | /etc/rc.* /etc/rc.d/* /etc/init.d/* |
| Additional Settings | You can also monitor the following events: |
| Description | Detects changes to the daemon rc files on the device. |

| Parameter | Description |
|---|---|
| Option Path | System Hardening Monitor > System Auto Start Change Options |
| Option | System Run Level INITTAB Monitor |
| Rule Name | AutoStart_Inittab_Monitor |
| Severity | Warning |
| File Paths | /etc/inittab |
| Additional Settings | You can also monitor the following events: |
| Description | Detects changes to the inittab file on the device. |
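
To check the same file paths independently of the product, the following added example (not the product's own code) takes a baseline of the paths in the two tables above and reports what changed, labelled with the matching rule name and severity. It assumes the path patterns behave like non-recursive shell globs; the `root` parameter and the change labels are hypothetical names chosen for this sketch.

```python
import glob, hashlib, os, stat

# Rule names and file paths come from the tables above; the rest is assumed.
RULES = {
    "AutoStart_RC.D_Monitor": ["/etc/rc.*", "/etc/rc.d/*", "/etc/init.d/*"],
    "AutoStart_Inittab_Monitor": ["/etc/inittab"],
}

def snapshot(root="/"):
    """Map rule -> {path: (mode, uid, gid, sha256 | link target | 'dir')}."""
    snap = {}
    for rule, patterns in RULES.items():
        entries = {}
        for pat in patterns:
            for path in glob.glob(os.path.join(root, pat.lstrip("/"))):
                st = os.lstat(path)  # lstat: a retargeted symlink is a change too
                if stat.S_ISLNK(st.st_mode):
                    content = "link:" + os.readlink(path)
                elif stat.S_ISREG(st.st_mode):
                    with open(path, "rb") as fh:
                        content = hashlib.sha256(fh.read()).hexdigest()
                else:
                    content = "dir"  # directories: presence and attributes only
                rel = "/" + os.path.relpath(path, root)
                entries[rel] = (stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid, content)
        snap[rule] = entries
    return snap

def diff(baseline, current):
    """Return (rule, severity, change, path) events, ordered by rule then path."""
    events = []
    for rule in RULES:
        old, new = baseline.get(rule, {}), current.get(rule, {})
        for path in sorted(set(old) | set(new)):
            if path not in old:
                change = "created"
            elif path not in new:
                change = "deleted"
            elif old[path][3] != new[path][3]:
                change = "content-modified"
            elif old[path][:3] != new[path][:3]:
                change = "attributes-modified"
            else:
                continue
            events.append((rule, "Warning", change, path))
    return events
```

Store the baseline somewhere the monitored host cannot write to; otherwise whoever alters an rc file can also rewrite the baseline it is compared against.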