
Linux Sensors

Our Linux Sensors can easily be modified to meet your specific needs.

| Cat | Sensor | Name | Audit | Countermeasure |
|---|---|---|---|---|
| App | app_custom.sh | Custom Application Sensor | Definable | Definable |
| Disk | disk_ckspace.sh | Filesystem Space Sensor | Adequate free blocks/inodes on local filesystems. | None |
| | disk_ckmounts.sh | Filesystem Mount Table Sensor | No change in filesystems mount table. | Definable |
| File | file_ckfstab.sh | Fstab Sensor | There are no errors in /etc/fstab | None |
| | file_grp_fields.sh | Group Fields Sensor | There are 4 fields in every record in /etc/group. | None |
| | file_grp_uniq_gid.sh | Unique Group GIDs Sensor | All GIDs in /etc/group are unique. | Ignore previously reported. |
| | file_grp_uniq_name.sh | Unique Group Names Sensor | All Group Names in /etc/group are unique. | Ignore previously reported. |
| | file_grp_users.sh | Valid Group Users Sensor | Every user in /etc/group is a valid user. | Ignore previously reported. |
| | file_hugedir.sh | Huge Directory Sensor | There are no new huge directories. | Ignore previously reported. |
| | file_large.sh | Large File Sensor | There are no new large files. | Ignore previously reported. |
| | file_orphans.sh | Orphan Files Sensor | All files are owned by valid users. | Reset ownership of orphan files. |
| | file_pwd_fields.sh | Passwd Fields Sensor | There are 7 fields in every record in /etc/passwd. | None |
| | file_pwd_gid.sh | Valid Passwd GIDs Sensor | Every /etc/passwd GID is a valid group. | None |
| | file_pwd_home.sh | Valid Passwd Home Dirs Sensor | Every /etc/passwd home directory is valid. | Create directory or ignore if previously reported. |
| | file_pwd_shell.sh | Valid Passwd Shells Sensor | Every /etc/passwd shell is an expected value. | Ignore previously reported. |
| | file_unwanted.sh | Unwanted File Sensor | Verify that certain files do not exist. | None |
| | file_wanted.sh | Wanted File Sensor | Verify that certain files do exist. | None |
| | file_watchlog.sh | Log Content Sensor | There is nothing unusual about the contents of a log. | None |
| Me | me_autoupdate.sh | Auto Update Sensor | OSsonar is up-to-date. | None |
| | me_ckconfig.sh | OSsonar Configuration Sensor | No problems with config file. | None |
| | me_ckfilemaster.sh | Verify Master File Table Sensor | Master File Table is being created. | None |
| | me_cksum.sh | OSsonar Intrusion Sensor | Application is secure. | None |
| | me_mkfilemaster.sh | Create File Master Table Sensor | Create a new File Master Table. | None |
| | me_ruthere.sh | Remote Watchdog Sensor | All remotes are up | None |
| | me_syslog.sh | Syslog Facility Sensor | No messages of concern in the syslog facility. | None |
| Network | net_ckroutetab.sh | Network Routing Tables Sensor | No change in the network routing tables. | Accept new table. |
| | net_cksvcs.sh | Network Port Services Sensor | No change in the network port services. | None |
| | net_no_netrc.sh | Home Dir .netrc Sensor | No users have .netrc in their home directory. | Ignore previously reported. |
| | net_no_rhosts.sh | Home Dir .rhosts Sensor | No user has .rhosts in their home directory. | Ignore previously reported. |
| | net_ping.sh | Host Ping Sensor | All defined hosts can be pinged. | None |
| | net_untrusted_svcs.sh | Untrusted Network Services Sensor | Untrusted network services are disabled. | None |
| Perf | perf_alrttest.sh | Test Alert Sensor | The Alert Manager is working. | None |
| | perf_ckmailq.sh | Mail Queue Size Sensor | The size of the mail queue is nominal. | None |
| | perf_ckmysql.sh | MySQL Response Sensor | MySQL is responding. | Definable |
| | perf_cknetints.sh | Network Interfaces Sensor | No performance problems with network interface cards. | None |
| | perf_ckswap.sh | Swap Space Sensor | No problems with swap space usage. | None |
| | perf_loadavg.sh | System Load Average Sensor | System load average is less than a defined threshold. | Definable |
| | perf_nettraffic.sh | Network Traffic Sensor | All traffic on network devices is nominal. | None |
| | perf_webpages.sh | Web Pages Up Sensor | All defined URLs are responding. | None |
| Process | proc_all_up.sh | Daemons Up Sensor | All daemons are up. | Restart failed daemons. |
| | proc_killstalled.sh | Stalled Processes Sensor | There are no stalled processes. | Kill stalled processes. |
| | proc_orphans.sh | Orphan Processes Sensor | All processes are owned by a current user. | Kill all orphan processes. |
| | proc_runaway.sh | Runaway Processes Sensor | There are no runaway processes. | Kill runaway process. |
| | proc_unwanted.sh | Unwanted Processes Sensor | There are no unwanted processes. | Kill unwanted processes. |
| Security | sec_ckintrusion.sh | Intrusion Detection Sensor | No change to secured directories/files. | None |
| | sec_ckrootkit.sh | Rootkit Sensor | There are no rootkits installed. | Accept new checksums. |
| | sec_clamscan.sh | Virus Sensor | Clamscan reports no viruses. | Empty scan list when completed. |
| | sec_failedlogins.sh | Failed Logins Sensor | There are no patterns of failed logins of concern. | None |
| | sec_failedsu.sh | Failed SU Sensor | There are no patterns of failed su attempts of concern. | None |
| | sec_nfsdirs.sh | Secure NFS Sensor | All NFS exported dirs are configured to be secure. | None |
| | sec_rogue_dev.sh | Rogue Devices Sensor | There are no rogue device files. | Ignore previously reported. |
| | sec_sshapf.sh | SSH Attack Sensor | No one is using ssh to attack this system. | Put the attacker in /etc/apf/deny_hosts.rules |
| | sec_stickybit.sh | Sticky Bit Directories Sensor | No sticky bit directory has lost the sticky bit. | None |
| | sec_suid_sgid.sh | SUID/SGID Files Sensor | There are no new SUID/SGID files. | Ignore previously reported. |
| | sec_webpages.sh | Web Page Change Sensor | All defined URLs have not changed. | None |
| | sec_world_writable.sh | World Writable Files Sensor | There are no new world writable files. | Ignore previously reported. |
| System | sys_ckboot.sh | System Rebooted Sensor | No recent system reboot. | None |
| | sys_ckhostname.sh | Hostname Changed Sensor | The hostname has not changed. | None |
| | sys_ckmailbox.sh | Mail Box Sensor | Mail is being delivered. | Definable |
| | sys_cktime.sh | System Time Sensor | System time is reasonable. | None |
| | sys_ckup2date.sh, sys_ckyum.sh | RPM Updates Sensor | RPMs are current. | None |
| | sys_rmtrash.sh | Trash Files Sensor | There are no trash files on the system. | Remove trash files. |
| | sys_maildelivery.sh | Mail Delivery Sensor | Mail is being delivered. | Definable |
| | sys_tarbkup.sh | System Backup Sensor | This is the system backup manager. | None |
| | sys_trimlogs.sh | Trim System Logs Sensor | Audit size of system logs. | Trim the System Logs. |
| User | usr_cons_login.sh | Root Only On Console Sensor | Root can only log in from console. | None |
| | usr_logins.sh | Create Logins Log Sensor | Logins Log created. | None |
| | usr_mailbox.sh | Secure Mailboxes Sensor | All mailboxes are owned and permissioned correctly. | Fix owner and/or permissions. |
| | usr_noage.sh | Password Aging Sensor | All users have password aging. | Ignore previously reported. |
| | usr_nologin.sh | New Login Sensor | There are no new users logged in. | None |
| | usr_nopwd.sh | Password Sensor | Every user has a password. | None |
| | usr_pwd_no_acct.sh | Unwanted Users Sensor | Certain logins are not in /etc/passwd. | None |
| | usr_pwd_shadowed.sh | Shadowed Passwords Sensor | All passwords are shadowed. | Ignore previously reported. |
| | usr_suid_shell.sh | SUID/SGID Login Shells Sensor | There are no SUID/SGID login shells. | Ignore previously reported. |
| | usr_uniq_home.sh | Unique Home Directories Sensor | Every user has a unique home directory. | Ignore previously reported. |
| | usr_uniq_uid.sh | Unique Login UIDs Sensor | All UIDs in /etc/passwd are unique. | Ignore previously reported. |
| | usr_uniq_usrname.sh | Unique Login Names Sensor | All /etc/passwd login names are unique. | None |

Permanent link to this article: https://www.ossonar.com/sensors/linux-sensors-2/