HIDS 5905

From Atomicorp Wiki
Revision as of 08:59, 29 October 2013 by Mshinn (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Rule 5905
Status Active
Alert Message failed adding user to system

Contents

Description

Note: ASL does not cause this event to occur, it simply reports when another application is causing this to occur.

This event reports when the operating system, or an application, has been instructed to add a user and has failed to do add this user. This event is not caused by ASL, ASL simply reports when this event occurs.

Log example

hostname useradd[12345]: failed adding user 'zabbix', data delete

Troubleshooting

False Positives

The rule itself can not generate a false positive, the rule just reports when this event occurs.

Tuning Guidance

We do not recommend you disable this rule. Disabling this rule will not prevent this event from occuring, but will prevent ASL from reporting when it occurs and may effect ASLs ability to correlate events that may indicate an attack is under way.


Additional Information

Similar Rules

None.

Knowledge Base Articles

None.

Outside References

None.

Personal tools