Purpose: To protect against attacks on critical Linux resource files.
Description: Improves the security of computers running Linux by reporting or blocking modification of critical Linux system files.
Enabled by Default: | No |
Platform: | Linux |
Minimum Agent Version Required: | 7.2.0 |
Rapid Config Settings
As with most rapid configs, you can:
-
Enable or disable the rapid config.
-
Specify what policies the rapid config applies to.
In addition, you can choose to Do Nothing, Report, or Block the specific items or behaviors. For each of the following sections, specify what action you require.
Note:
RECOMMENDATION: We recommend setting each section to
Report prior to setting to
Block. Use the resulting events to ensure that legitimate behavior will not be impacted.
- *Report Or Block Modification Of Critical Linux Files:
- Should modification of the specified files be reported or blocked? You should validate that legitimate modifications are not blocked before enabling blocking.
- Linux Files To Report:
- Carbon Black App Control will report or block modifications of the specified files. You can add or remove items from this list. The following files are listed by default:
- Processes Allowed To Modify The Specified Linux Files:
- Processes specified here will be allowed to modify the specified Linux files. You can add or remove items from this list.