Our Linux Sensors can easily be modified to meet your specific needs.
Cat | Sensor | Name | Audit | Countermeasure |
App | app_custom.sh | Custom Application Sensor | Definable | Definable |
Disk | disk_ckspace.sh | Filesystem Space Sensor | Adequate free blocks/inodes on local filesystems. | None |
Disk | disk_ckmounts.sh | Filesystem Mount Table Sensor | No change in filesystems mount table. | Definable |
File | file_ckfstab.sh | Fstab Sensor | There are no errors in /etc/fstab | None |
File | file_grp_fields.sh | Group Fields Sensor | There are 4 fields in every record in /etc/group. | None |
File | file_grp_uniq_gid.sh | Unique Group GIDs Sensor | All GIDs in /etc/group are unique. | Ignore previously reported. |
File | file_grp_uniq_name.sh | Unique Group Names Sensor | All Group Names in /etc/group are unique. | Ignore previously reported. |
File | file_grp_users.sh | Valid Group Users Sensor | Every user in /etc/group is a valid user. | Ignore previously reported. |
File | file_hugedir.sh | Huge Directory Sensor | There are no new huge directories. | Ignore previously reported. |
File | file_large.sh | Large File Sensor | There are no new large files. | Ignore previously reported. |
File | file_orphans.sh | Orphan Files Sensor | All files are owned by valid users. | Reset ownership of orphan files. |
File | file_pwd_fields.sh | Passwd Fields Sensor | There are 7 fields in every record in /etc/passwd. | None |
File | file_pwd_gid.sh | Valid Passwd GIDs Sensor | Every /etc/passwd GID is a valid group. | None |
File | file_pwd_home.sh | Valid Passwd Home Dirs Sensor | Every /etc/passwd home directory is valid. | Create directory or ignore if previously reported. |
File | file_pwd_shell.sh | Valid Passwd Shells Sensor | Every /etc/passwd shell is an expected value. | Ignore previously reported. |
File | file_unwanted.sh | Unwanted File Sensor | Verify that certain files do not exist. | None |
File | file_wanted.sh | Wanted File Sensor | Verify that certain files do exist. | None |
File | file_watchlog.sh | Log Content Sensor | There is nothing unusual about the contents of a log. | None |
Me | me_autoupdate.sh | Auto Update Sensor | OSsonar is up-to-date. | None |
Me | me_ckconfig.sh | OSsonar Configuration Sensor | No problems with config file. | None |
Me | me_ckfilemaster.sh | Verify Master File Table Sensor | Master File Table is being created. | None |
Me | me_cksum.sh | OSsonar Intrusion Sensor | Application is secure. | None |
Me | me_mkfilemaster.sh | Create File Master Table Sensor | Create a new File Master Table. | None |
Me | me_ruthere.sh | Remote Watchdog Sensor | All remotes are up | None |
Me | me_syslog.sh | Syslog Facility Sensor | No messages of concern in the syslog facility. | None |
Network | net_ckroutetab.sh | Network Routing Tables Sensor | No change in the network routing tables. | Accept new table. |
Network | net_cksvcs.sh | Network Port Services Sensor | No change in the network port services. | None |
Network | net_no_netrc.sh | Home Dir .netrc Sensor | No users have .netrc in their home directory. | Ignore previously reported. |
Network | net_no_rhosts.sh | Home Dir .rhosts Sensor | No user has .rhosts in their home directory. | Ignore previously reported. |
Network | net_ping.sh | Host Ping Sensor | All defined hosts can be pinged. | None |
Network | net_untrusted_svcs.sh | Untrusted Network Services Sensor | Untrusted network services are disabled. | None |
Perf | perf_alrttest.sh | Test Alert Sensor | The Alert Manager is working. | None |
Perf | perf_ckmailq.sh | Mail Queue Size Sensor | The size of the mail queue is nominal. | None |
Perf | perf_ckmysql.sh | MySQL Response Sensor | MySQL is responding. | Definable |
Perf | perf_cknetints.sh | Network Interfaces Sensor | No performance problems with network interface cards. | None |
Perf | perf_ckswap.sh | Swap Space Sensor | No problems with swap space usage. | None |
Perf | perf_loadavg.sh | System Load Average Sensor | System load average is less than a defined threshold. | Definable |
Perf | perf_nettraffic.sh | Network Traffic Sensor | All traffic on network devices is nominal. | None |
Perf | perf_webpages.sh | Web Pages Up Sensor | All defined URLs are responding. | None |
Process | proc_all_up.sh | Daemons Up Sensor | All daemons are up. | Restart failed daemons. |
Process | proc_killstalled.sh | Stalled Processes Sensor | There are no stalled processes. | Kill stalled processes. |
Process | proc_orphans.sh | Orphan Processes Sensor | All processes are owned by a current user. | Kill all orphan processes. |
Process | proc_runaway.sh | Runaway Processes Sensor | There are no runaway processes. | Kill runaway process. |
Process | proc_unwanted.sh | Unwanted Processes Sensor | There are no unwanted processes. | Kill unwanted processes. |
Security | sec_ckintrusion.sh | Intrusion Detection Sensor | No change to secured directories/files. | None |
Security | sec_ckrootkit.sh | Rootkit Sensor | There are no rootkits installed. | Accept new checksums. |
Security | sec_clamscan.sh | Virus Sensor | Clamscan reports no viruses. | Empty scan list when completed. |
Security | sec_failedlogins.sh | Failed Logins Sensor | There are no patterns of failed logins of concern. | None |
Security | sec_failedsu.sh | Failed SU Sensor | There are no patterns of failed su attempts of concern. | None |
Security | sec_nfsdirs.sh | Secure NFS Sensor | All NFS exported dirs are configured to be secure. | None |
Security | sec_rogue_dev.sh | Rogue Devices Sensor | There are no rogue device files. | Ignore previously reported. |
Security | sec_sshapf.sh | SSH Attack Sensor | No one is using ssh to attack this system. | Put the attacker in /etc/apf/deny_hosts.rules |
Security | sec_stickybit.sh | Sticky Bit Directories Sensor | No sticky bit directory has lost the sticky bit. | None |
Security | sec_suid_sgid.sh | SUID/SGID Files Sensor | There are no new SUID/SGID files. | Ignore previously reported. |
Security | sec_webpages.sh | Web Page Change Sensor | All defined URLs have not changed. | None |
Security | sec_world_writable.sh | World Writable Files Sensor | There are no new world writable files. | Ignore previously reported. |
System | sys_ckboot.sh | System Rebooted Sensor | No recent system reboot. | None |
System | sys_ckhostname.sh | Hostname Changed Sensor | The hostname has not changed. | None |
System | sys_ckmailbox.sh | Mail Box Sensor | Mail is being delivered. | Definable |
System | sys_cktime.sh | System Time Sensor | System time is reasonable. | None |
System | sys_ckup2date.sh sys_ckyum.sh | RPM Updates Sensor | RPMs are current. | None |
System | sys_rmtrash.sh | Trash Files Sensor | There are no trash files on the system. | Remove trash files. |
System | sys_maildelivery.sh | Mail Delivery Sensor | Mail is being delivered. | Definable |
System | sys_tarbkup.sh | System Backup Sensor | This is the system backup manager. | None |
System | sys_trimlogs.sh | Trim System Logs Sensor | Audit size of system logs. | Trim the System Logs. |
User | usr_cons_login.sh | Root Only On Console Sensor | Root can only log in from console. | None |
User | usr_logins.sh | Create Logins Log Sensor | Logins Log created. | None |
User | usr_mailbox.sh | Secure Mailboxes Sensor | All mailboxes are owned and permissioned correctly. | Fix owner and/or permissions. |
User | usr_noage.sh | Password Aging Sensor | All users have password aging. | Ignore previously reported. |
User | usr_nologin.sh | New Login Sensor | There are no new users logged in. | None |
User | usr_nopwd.sh | Password Sensor | Every user has a password. | None |
User | usr_pwd_no_acct.sh | Unwanted Users Sensor | Certain logins are not in /etc/passwd. | None |
User | usr_pwd_shadowed.sh | Shadowed Passwords Sensor | All passwords are shadowed. | Ignore previously reported. |
User | usr_suid_shell.sh | SUID/SGID Login Shells Sensor | There are no SUID/SGID login shells. | Ignore previously reported. |
User | usr_uniq_home.sh | Unique Home Directories Sensor | Every user has a unique home directory. | Ignore previously reported. |
User | usr_uniq_uid.sh | Unique Login UIDs Sensor | All UIDs in /etc/passwd are unique. | Ignore previously reported. |
User | usr_uniq_usrname.sh | Unique Login Names Sensor | All /etc/passwd login names are unique. | None |