Reference Guide
...
Reports
Audit Report

Linux Audit Report

The Linux Local User Audit Report is used to report the current security status of local Linux accounts.

Create the Report Configuration

  1. Navigate to Audit Report > Linux Audit Report.
  2. Open the Report Configuration tab.
  3. Create a report configuration by completing the fields. The Report job can be executed manually or periodically (as scheduled)
Linux Audit Report Configuration
Linux Audit Report Configuration


To execute the report manually, click the Options drop-down menu button and select Run.

Run Linux Audit Report
Run Linux Audit Report


To execute the Report periodically, the Scheduled field needs to be configured in the Report Configuration. The period can also be configured from the Jobs Scheduler by editing the LinuxAuditJob.

For the purposes of the Audit Report, the selected device groups must have the globalUsername and globalPassword properties defined. See also section Device Group Properties. To access the report detail, the user defined as “globalUsername” should be a privileged user. Also, If the globalusername is a sudo user and the sudo command execution is required to get report details, the useSudoForLinuxAuditReport device group property must be defined as true on the Device Group. After this definition, the Sudoers column added to the Linux Audit Report Details table and the globalusername sudo user will write YES here.

Report Details

When the job finishes, reports are listed in the Reports tab. To access the reports:

  1. Navigate to Audit Report > Linux Audit Report.
  2. Open the Report tab.
  3. Click the Options drop-down menu button and select Show Details.
Linux Audit Report
Linux Audit Report


Report details are shown in the Linux Audit Report Details section:

Linux Audit Report Details
Linux Audit Report Details


Dashboard

  1. Navigate to Audit Report > Linux Audit Report.
  2. Open the Dashboard tab.
  3. Choose the desired fields and click the Display Reports button.
Linux Audit Report Dashboard
Linux Audit Report Dashboard


If you want to exclude service accounts from the audit reports, you need to define accountToExcludeFromLinuxAuditReport as a property at the device group level. By defining this property and setting service accounts, users can distinguish service accounts and application accounts by excluding defined accounts from Linux audit reports.