Sudo General Messages
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Sudo General Messages | Base Rule | Object Accessed | Access Success |
| Sudo Command Executed | Sub Rule | General Sudo Command | Activity |
| User Not In Sudoers | Sub Rule | Command Execution Failure | Access Failure |
| Sudo Command Not Allowed | Sub Rule | Command Execution Failure | Access Failure |
| Incorrect Password | Sub Rule | User Logon Failure : Bad Password | Authentication Failure |
| Unable To Resolve Host | Sub Rule | Sudo Unable To Resolve Host | Error |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
| N/A | <severity> | Text\String |
| N/A | <dname> | Text\String |
| N/A | <login> | Text\String |
| N/A | <account> | Text\String |
| N/A | <Session> | Text\String |
| N/A | <process> | Text\String |
| N/A | <object> | Text\String |
| N/A | <command> | Text\String |
| N/A | <amount> | Number |
| N/A | <tag2> | Number |