Purpose:To protect against attacks on critical Linux resource files.

Description: Improves the security of computers running Linux by reporting or blocking modification of critical Linux system files.

Enabled by Default: No
Platform: Linux
Minimum Agent Version Required: 7.2.0

The Edit Rapid Config page for the Linux Hardening Rapid Config

Use Cases

<Add info>

Rapid Config Settings

As with most rapid configs, you can:

  • Enable or disable the rapid config.

  • Specify what policies the rapid config applies to.

In addition, you can choose to Do Nothing, Report, or Block the specific items or behaviors. For each of the following sections, specify what action you require.

Note: RECOMMENDATION: We recommend setting each section to Report prior to setting to Block. Use the resulting events to ensure that legitimate behavior will not be impacted.

The Linux Configuration Files settings for the Linux Hardening Rapid Config

*Report Or Block Modification Of Critical Linux Files:
Should modification of the specified files be reported or blocked? You should validate that legitimate modifications are not blocked before enabling blocking.
Linux Files To Report:
Carbon Black App Control will report or block modifications of the specified files. You can add or remove items from this list. The following files are listed by default:
  • /boot/grub/grub.conf
  • /boot/grub2/grub.cfg
  • /etc/passwd
  • /etc/shadow/
  • etc/group
 
  • /etc/hosts
  • /etc/sudoers
  • /etc/resolv.conf
  • /etc/fstab
  • /etc/sysctl.conf
 
Processes Allowed To Modify The Specified Linux Files:
Processes specified here will be allowed to modify the specified Linux files. You can add or remove items from this list.