Group Creation
Enabled by default
Service: syslog
Log type: auth.log
Groups allow multiple user accounts to be managed as one, and an attacker may try to create a group with escalated privileges.
View Logs
grep "new group" /var/log/auth.log
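The following added example (not part of the original page) turns the grep above into a small triage filter: it extracts the time, creating program, group name and GID from each "new group" entry and marks GIDs below 1000 for review. It assumes the message format `new group: name=<name>, GID=<gid>` written by the shadow tools (groupadd, useradd) and Ubuntu's default `GID_MIN` of 1000; the function names and the sample log lines are constructed.

```bash
#!/bin/sh
# Added example: summarise group-creation events from auth.log.
# Assumption: entries look like
#   <timestamp> <host> <program>[<pid>]: new group: name=<name>, GID=<gid>
# with either the traditional or the ISO 8601 syslog timestamp.

# Constructed sample lines (not taken from a real system).
sample_auth_log() {
  cat <<'EOF'
Sep 14 12:00:01 web01 sshd[1890]: Accepted publickey for alice from 192.0.2.10 port 50522 ssh2
Sep 14 12:03:17 web01 groupadd[2211]: new group: name=deploy, GID=1001
Sep 14 12:09:44 web01 useradd[2302]: new group: name=bob, GID=1002
2024-05-02T10:15:42.123456+00:00 web01 groupadd[2511]: new group: name=backupops, GID=450
EOF
}

# Read log lines on stdin and print one record per group creation:
#   time|program|group|gid|note
# note is "review" when the GID is below 1000 (system range under the default
# GID_MIN), which ordinary account creation does not produce; otherwise "ok".
parse_new_groups() {
  sed -nE 's/^(.*) [^ ]+ ([A-Za-z0-9_.-]+)\[[0-9]+\]: new group: name=([^,]+), GID=([0-9]+).*$/\1|\2|\3|\4/p' |
  while IFS='|' read -r ts prog name gid; do
    if [ "$gid" -lt 1000 ]; then
      note=review
    else
      note=ok
    fi
    printf '%s|%s|%s|%s|%s\n' "$ts" "$prog" "$name" "$gid" "$note"
  done
}

# Demonstration on the constructed sample.
# On a real host: parse_new_groups < /var/log/auth.log
sample_auth_log | parse_new_groups
```

Package installation also creates system-range groups, so a "review" record is a prompt to check who ran the command and when, not proof of misuse.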
Check Logging Status
Unfortunately, due to current limitations, we do not yet have this command. Stay tuned for updates!
Disable Logging
Unfortunately, due to current limitations, we do not yet have this command. Stay tuned for updates!
Enable Logging
Unfortunately, due to current limitations, we do not yet have this command. Stay tuned for updates!
Language: bash
Compliance
HIPAA
Level: Recommended
PCI DSS
Level: Recommended
https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf?agreement=true&time=1631643252599
NSA Event Forwarding
Level: Recommended
https://github.com/nsacyber/Event-Forwarding-Guidance/tree/master/Events
Due to the limitations of the GNOME Logs app, we do not currently have a GUI way to view this log. We recommend using the command line. To see the log of group creation in Linux, enter the command: grep "new group" /var/log/auth.log