
Remote Security Audit

Overview

The following document provides information on how to activate and configure the Remote Security Audit service for your ClearOS system. For an overview of the features and benefits of the service, please review the service information here.

Requirements

  • ClearOS Enterprise 5.1 or higher

Activation

  • Log in to your ClearCenter account.
  • Click on Systems → Remote Security Audit in the top navigation bar.
  • Select the target system from the list of active systems in your account.
  • Select a subscription from the drop-down list and make sure the service is enabled.
  • Click on Update to complete the activation.

Status Reports

The Remote Security Audit service includes a report of recent activity on your system. When a significant event occurs, an audit report is e-mailed to either the account administrator or the notification e-mail addresses specified for the system. You can manage these notification e-mail addresses via your online account: go to Systems → System Settings → Alert Notification in the menu.

How It Works

The goal of the security audit is to pick up the clues that a server typically leaves behind when it contains malicious data. The audit looks for these clues by:

  • Detecting changes in critical files and directories
  • Checking for a change in the number of hidden files and directories
  • Monitoring the inventory of setuid/setgid files
  • Detecting a change in the number of superuser accounts
  • Auditing the number of accounts without passwords
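
The sketch below shows how four of these checks (hidden entries, setuid/setgid inventory, superuser accounts, accounts without passwords) can be implemented as a baseline comparison. It is an added example, not the ClearOS audit tool's own code; the function names and the sample passwd/shadow lines are constructed for illustration.

```python
import os
import stat

# Constructed sample account data, not taken from any real system.
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "toor:x:0:0::/root:/bin/bash\n"
    "alice:x:500:500::/home/alice:/bin/bash\n"
)
SAMPLE_SHADOW = (
    "root:$6$constructed$hash:15000:0:99999:7:::\n"
    "toor::15000:0:99999:7:::\n"
    "alice:!!:15000:0:99999:7:::\n"
)

def _fields(text):
    return [ln.split(":") for ln in text.splitlines() if ln and not ln.startswith("#")]

def superusers(passwd_text):
    """Names of accounts whose UID (third passwd field) is 0."""
    return sorted(f[0] for f in _fields(passwd_text) if len(f) > 2 and f[2] == "0")

def passwordless(shadow_text):
    """Names of accounts with an empty password field ('*' and '!' mean locked)."""
    return sorted(f[0] for f in _fields(shadow_text) if len(f) > 1 and f[1] == "")

def scan_tree(root):
    """Return (setuid/setgid regular files, count of hidden entries) under root."""
    setid, hidden = [], 0
    for base, dirs, files in os.walk(root):  # os.walk does not follow symlinks
        hidden += sum(n.startswith(".") for n in dirs + files)
        for name in files:
            path = os.path.join(base, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
                setid.append(path)
    return sorted(setid), hidden

def snapshot(passwd_text, shadow_text, root):
    """Collect the audited values for one point in time."""
    setid, hidden = scan_tree(root)
    return {"superusers": superusers(passwd_text),
            "passwordless": passwordless(shadow_text),
            "setid_files": setid, "hidden_entries": hidden}

def changes(baseline, current):
    """Audited values that differ from the baseline, as (old, new) pairs."""
    return {k: (baseline[k], current[k]) for k in baseline if baseline[k] != current[k]}
```

On a live system the inputs would be the contents of /etc/passwd and /etc/shadow (reading the latter requires root), and the baseline snapshot should be stored off the audited host so that it cannot be altered along with the system.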

At a regular interval, the security audit will:

  • Connect to your system
  • Make sure the audit tools have not been tampered with
  • Signal the system to run the audit
  • Wait for the audit to complete
  • Save the status results in your ClearSDN online account

The system will send an e-mail alert if any irregularities occur during this process.

