Microsoft Azure has taken a remarkable initiative to prevent malicious items from entering Linux machines. The security system developed by Azure Security Center detects suspicious processes running on the machine and improper loading and unloading of kernel modules.
Flagging doubtful login attempts and suspicious activity is the core responsibility of the Linux machine detection. The system is similar to the security system for Windows VMs.
How does it Work?
The Linux Auditing framework (auditd) is used on the Linux machine to collect data and transfer it to Security Center. The audit system is composed of two components, both found in the mainline kernel tree: userspace utilities and a kernel-level subsystem. The former offers a wide range of operations, such as analyzing audit log files and adjusting rules. The latter is responsible for monitoring system calls and writing audit messages for events that match the rules.
The latest version of the OMS agent for Linux reads the auditd records and analyzes and aggregates the events. Security Center then analyzes the audit events stored in the workspace. Once Security Center detects suspicious activity on the system, it raises an alert.
Process to Enable Linux Detection
Users need to follow a simple procedure to enable Linux detection.
- Don’t use old versions of the agent: upgrade to the Standard Security tier and to version 1.4.0-12 of the OMS agent for Linux. The command dpkg -l | grep omsagent shows the installed omsagent version.
- Don’t forget to install auditd on your machine if you are using a Debian flavor; on Red Hat flavors it is already installed. If the latest version isn’t installed, first install auditd and then re-run the 1.4.0-12 auditd plugin. Once the OMS agent detects an issue, it generates an informational message called ‘operation’. CPU utilization for auditd collection can reach ~10% on a low-end system when auditd rules are enabled.
- If auditd data isn’t enabled automatically on your workspace, send an email with your subscription ID to get access to the limited preview. For automatic enablement, the workspace must meet criteria such as per-node billing, the Security solution activated, a Red Hat machine, and a Linux machine running the OMS agent.
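As an added example (not code from the original post or from Microsoft), a POSIX shell pre-flight check for the two prerequisites above; it assumes the Debian package names omsagent and auditd and uses 1.4.0-12, the version named in the post, as the minimum:

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for the
# prerequisites listed above. Assumes the OMS agent and auditd are installed
# as Debian packages named "omsagent" and "auditd" (assumption), and uses
# 1.4.0-12, the version the post names, as the minimum.
MIN_OMS_VERSION="1.4.0-12"

# Print the version column of a "dpkg -l" listing (stdin) for package $1.
pkg_version() {
    awk -v pkg="$1" '$1 == "ii" && $2 == pkg { print $3; exit }'
}

# Return 0 when dpkg-style version $1 >= $2. Uses dpkg when available,
# otherwise falls back to sort -V.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# Read a "dpkg -l" listing from stdin and report both prerequisites.
# Returns 0 only when omsagent is new enough and auditd is present.
# Real use: dpkg -l | check_prereqs
check_prereqs() {
    listing=$(cat)
    oms=$(printf '%s\n' "$listing" | pkg_version omsagent)
    audit=$(printf '%s\n' "$listing" | pkg_version auditd)
    status=0
    if [ -z "$oms" ]; then
        echo "omsagent: not installed"; status=1
    elif version_ge "$oms" "$MIN_OMS_VERSION"; then
        echo "omsagent: $oms (ok)"
    else
        echo "omsagent: $oms (upgrade to >= $MIN_OMS_VERSION)"; status=1
    fi
    if [ -z "$audit" ]; then
        echo "auditd: not installed (install it on Debian flavors)"; status=1
    else
        echo "auditd: $audit (ok)"
    fi
    return $status
}

# Constructed sample listing standing in for real "dpkg -l" output.
SAMPLE_OK='ii  omsagent  1.4.0-12   amd64  Microsoft OMS agent for Linux
ii  auditd    1:2.8.4-3  amd64  User space tools for security auditing'
printf '%s\n' "$SAMPLE_OK" | check_prereqs
```

A non-zero exit status means at least one prerequisite is missing, so the script can gate an automated onboarding step.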