topic Linux Agent password protection in Cortex XDR Discussions https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/linux-agent-password-protection/m-p/1220577#M7893 <P>Hi,</P> <P>&nbsp;</P> <P>i know that&nbsp;<SPAN>Linux Agent Tampering protection is not support yet , however what is the possible why to secure the agent?</SPAN></P> <P>&nbsp;</P> <P><LI-PRODUCT title="Cortex XDR" id="Cortex_XDR"></LI-PRODUCT>&nbsp;</P> Sun, 16 Feb 2025 14:19:19 GMT A.Alharbi095930 2025-02-16T14:19:19Z Linux Agent password protection https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/linux-agent-password-protection/m-p/1220577#M7893 <P>Hi,</P> <P>&nbsp;</P> <P>i know that&nbsp;<SPAN>Linux Agent Tampering protection is not support yet , however what is the possible why to secure the agent?</SPAN></P> <P>&nbsp;</P> <P><LI-PRODUCT title="Cortex XDR" id="Cortex_XDR"></LI-PRODUCT>&nbsp;</P> Sun, 16 Feb 2025 14:19:19 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/linux-agent-password-protection/m-p/1220577#M7893 A.Alharbi095930 2025-02-16T14:19:19Z Re: Linux Agent password protection https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/linux-agent-password-protection/m-p/1220643#M7895 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/848744293">@A.Alharbi095930</a>&nbsp;<BR /><SPAN>Thanks for reaching out on LiveCommunity!</SPAN></P> <P data-start="0" data-end="182">As you know, the root user has full control over Linux, so there is currently no ETA for Tamper Protection on Linux. You may reach out to your Account Manager for more information.</P> <P data-start="184" data-end="726" data-is-last-node="">However, if you have <STRONG data-start="205" data-end="219">Pro per GB</STRONG>, you can use the <STRONG data-start="237" data-end="250">Collector</STRONG> to collect logs from the <CODE data-start="276" data-end="292">/var/log/traps</CODE> directory. Additionally, for more extensive or backup log collection, you can configure <STRONG data-start="381" data-end="392">rsyslog</STRONG> or <STRONG data-start="396" data-end="409">syslog-ng</STRONG> to forward logs from that directory to another system and collect those events on the remote host. While none of these methods are completely tamper-resistant, any attempts to shut down one of these services will be detected and reported by the others, providing at least some level of visibility into such activity.</P> <P data-start="184" data-end="726" data-is-last-node="">&nbsp;</P> <P data-start="184" data-end="726" data-is-last-node=""><SPAN>If you feel this has answered your query, please let us know by clicking on "mark this as a Solution". Thank you.</SPAN></P> <P>&nbsp;</P> Mon, 17 Feb 2025 08:49:31 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/linux-agent-password-protection/m-p/1220643#M7895 aspatil 2025-02-17T08:49:31Z