Crond Operations
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Crond Operations | Base Rule | CROND Information Message | Information |
| Crond : Command Executed As Root | Sub Rule | Crond Executed Command As Root | Information |
| Crond : Command Executed | Sub Rule | Cron Command Information | Information |
| Crond : Failed To Authorize User | Sub Rule | PAM Authentication Error | Error |
| Crond : Password Expired | Sub Rule | LOGIN_PASSWORD_EXPIRED | Information |
| Crond : Failed To Open PAM Security Session | Sub Rule | Failed To Create Session | Error |
| Crond : Cannot Set Security Context | Sub Rule | Authentication Failure Activity | Authentication Failure |
Mapping of Crond Operations with LR Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
| N/A | <severity> | Text\String |
| N/A | <dname> | Text\String |
| N/A | <login> | Text\String |
| N/A | <process> | Text\String |
| N/A | <processid> | Number |
| N/A | <subject> | Text\String |
| N/A | <command> | Text\String |
| N/A | <tag1> | Text\String |
| N/A | <tag2> | Text\String |