Difference between revisions of "HIDS 5905"
(Created page with "{{Infobox |header1= Rule 5905 |label2 = Status |data2 = Active |label3 = Alert Message |data3 = failed adding user to system }} = Description = Note: ASL does not cause th...") |
Latest revision as of 08:59, 29 October 2013
| Rule 5905 | |
|---|---|
| Status | Active |
| Alert Message | failed adding user to system |
Contents |
[edit] Description
Note: ASL does not cause this event to occur, it simply reports when another application is causing this to occur.
This event reports when the operating system, or an application, has been instructed to add a user and has failed to do add this user. This event is not caused by ASL, ASL simply reports when this event occurs.
[edit] Log example
hostname useradd[12345]: failed adding user 'zabbix', data delete
[edit] Troubleshooting
[edit] False Positives
The rule itself can not generate a false positive, the rule just reports when this event occurs.
[edit] Tuning Guidance
We do not recommend you disable this rule. Disabling this rule will not prevent this event from occuring, but will prevent ASL from reporting when it occurs and may effect ASLs ability to correlate events that may indicate an attack is under way.
[edit] Additional Information
[edit] Similar Rules
None.
[edit] Knowledge Base Articles
None.
[edit] Outside References
None.
