Group Creation

Enabled by default

Service: syslog

Log type: auth.log

Groups allow for multiple user accounts to be managed as one and an attacker may try and create a group with escalated privileges.

View Logs

grep "new group" /var/log/auth.log

Check Logging Status

Unfortunately, due to current limitations, we do not yet have this command, stay tuned for updates!

Disable Logging

Unfortunately, due to current limitations, we do not yet have this command, stay tuned for updates!

Enable Logging

Unfortunately, due to current limitations, we do not yet have this command, stay tuned for updates!

Language: bash

Back to Linux Ubuntu

Compliance

HIPAA

Level: Recommended

https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/combined/hipaa-simplification-201303.pdf?language=es

PCI DSS

Level: Recommended

https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf?agreement=true&time=1631643252599

NSA Event Forwarding

Level: Recommended

https://github.com/nsacyber/Event-Forwarding-Guidance/tree/master/Events

Due to the limitations of the GNOME Logs app, we do not currently have a GUI way to view this log. We recommend using the command line. To see the log of group creation in Linux, enter the command grep "new group" /var/log/auth.log.

Group Creation

Enabled by default

Service: syslog

Log type: auth.log

Compliance

HIPAA

PCI DSS

NSA Event Forwarding

Additional References