What is the Monarx auditd integration
We leverage auditd to consume real-time file creation and mutation events in supporting environments. This allows us to process file activity as it occurs, providing near-real-time malware time-to-detection and time-to-remediation.
Installation
To manage installation of our auditd integration, we leverage your OS's package manager, similar to the installation of the Monarx Agent and Protect extensions.
1. Add the Monarx Repository
To install any Monarx package, add the Monarx repository to your package manager:
CentOS / RHEL / CloudLinux / Alma / Rocky
curl -fsS https://repository.monarx.com/repository/monarx-yum/monarx.repo | sudo tee /etc/yum.repos.d/monarx.repo
sudo rpm --import https://repository.monarx.com/repository/monarx/publickey/monarxpub.gpg
Ubuntu
curl -fsS https://repository.monarx.com/repository/monarx/publickey/monarxpub.gpg | sudo tee /etc/apt/trusted.gpg.d/monarx.asc
echo "deb [arch=amd64] https://repository.monarx.com/repository/ubuntu-$(lsb_release -sc)/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/monarx.list
Debian
sudo apt-key adv --keyserver "keyserver.ubuntu.com" --recv-keys "4E240071023138C8"
echo "deb [arch=amd64] https://repository.monarx.com/repository/debian-$(lsb_release -sc)/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/monarx.list
2. Install the integration
Install the monarx-agent-auditd package with your preferred package manager:
Yum (CentOS / RHEL / CloudLinux / Alma / Rocky)
sudo yum install monarx-agent-auditd
Apt (Ubuntu / Debian)
sudo apt-get update && sudo apt-get install monarx-agent-auditd
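Step 1 pipes the downloaded repository key straight into the package manager's trust store. The following shell script is an added example, not Monarx code: it checks a downloaded key file before it is trusted, accepting it only if it holds exactly one primary key with the expected long key ID. It assumes the key served as monarxpub.gpg is the same key the Debian step fetches by ID 4E240071023138C8; the function names and sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Monarx code. Assumption: the repository key has the long
# key ID that the Debian step on this page fetches from the keyserver.
EXPECTED_KEYID="4E240071023138C8"

# Print the long key ID (field 5) of every primary-key ("pub") record found in
# `gpg --with-colons` output read from stdin. Subkey ("sub") records are ignored.
primary_keyids() {
    awk -F: '$1 == "pub" { print toupper($5) }'
}

# Succeed only if stdin describes exactly one primary key and its long key ID
# equals $1. A file holding extra keys is rejected, because every key placed in
# the package manager's trust store is trusted.
keyring_matches() {
    want=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    ids=$(primary_keyids)
    [ "$(printf '%s\n' "$ids" | grep -c .)" -eq 1 ] || return 1
    [ "$ids" = "$want" ]
}

# Inspect a downloaded key file without importing it into any keyring.
verify_key_file() {
    gpg --show-keys --with-colons "$1" 2>/dev/null | keyring_matches "$EXPECTED_KEYID"
}

# Constructed sample records (fingerprint, dates and uid are made up; only the
# key ID comes from the page).
SAMPLE_OK='pub:-:4096:1:4E240071023138C8:1600000000:::-:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA4E240071023138C8:
uid:-::::1600000000::::Constructed Example <repo@example.invalid>:
sub:-:4096:1:1111111111111111:1600000000::::::e:'
SAMPLE_EXTRA="$SAMPLE_OK
pub:-:4096:1:2222222222222222:1600000000:::-:::scESC:"

# Usage: sh verify-key.sh /path/to/downloaded/monarxpub.gpg
if [ -n "${1:-}" ]; then
    verify_key_file "$1" && echo "key ID matches" || { echo "key ID mismatch" >&2; exit 1; }
else
    printf '%s\n' "$SAMPLE_OK" | keyring_matches "$EXPECTED_KEYID" && echo "sample: accepted"
    printf '%s\n' "$SAMPLE_EXTRA" | keyring_matches "$EXPECTED_KEYID" || echo "sample: extra key rejected"
fi
```

A long key ID is only 64 bits; where the vendor publishes the full fingerprint, compare the fpr record against that instead.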