Site24x7 Linux Agent modifications to "/etc/passwd" and "/etc/shadow" files - FIM Events
Scenario
You may see the Site24x7 Linux agent modifying files associated with the operating system.
Reason
The /etc/passwd and /etc/shadow files are critical operating system files that store user account information on a server. The Site24x7 Linux agent interacts with these files specifically to manage the site24x7-agent user account, which is essential for its proper functioning and security.
The Site24x7 Linux agent will modify the /etc/passwd and /etc/shadow files exclusively for the site24x7-agent user under the following circumstances:
- Upon installation of the Site24x7 Linux agent on a server, the agent utilizes the useradd command to create the dedicated site24x7-agent user. This action results in the creation of a new entry for the site24x7-agent user, including its details, within both the /etc/passwd and /etc/shadow files.
- When the Site24x7 Linux agent is upgraded to version 19.6.0 or any subsequent version from an older release, a modification occurs in the /etc/passwd file. The purpose of this modification is to change the "site24x7-agent" user's login shell to /sbin/nologin. This change enhances security by preventing direct interactive logins for the agent user, a feature supported from the Linux agent version 19.6.0 onwards.
- During the uninstallation process of the Site24x7 Linux agent, the agent executes the "userdel" command to remove the "site24x7-agent" user account from the server. The execution of the "userdel" command subsequently modifies both the /etc/passwd and /etc/shadow files to remove the corresponding user entries.
All modifications detailed above are strictly limited to the "site24x7-agent" user. This is because the agent specifically invokes the "useradd" and "userdel" utilities with the "site24x7-agent" username specified, ensuring that no other user accounts are affected.
Action
No action is required from your end.
Related Articles
How to fix a SSL connection error when downloading the Site24x7 Linux server monitoring agent installer
In a few scenarios, when you try to download the Site24x7 Linux server monitoring agent installer, an SSL connection failure error message will display. Follow the instructions below based on your use case to fix this error. Prerequisite: For ...Steps to install Linux monitoring agent in custom platforms/distributions
If you want to install the Site24x7 Server Monitoring agent in platforms/flavors other than Debian, Ubuntu, CentOS, RedHat, Madriva, Fedora, Suse, Amazon Linux, Gentoo, CoreOS, Raspberry Pi (requires Python 3 and above), ARM Processor (requires ...How to manually install the AppLogs agent
The AppLogs agent is used to automatically discover and upload your server and application logs to Site24x7. Site24x7's AppLogs agent works with an existing Site24x7 server monitoring agent and comes with AppLogs installed. You can also manually ...List of log files generated and maintained by the Site24x7 server monitoring agent
Here is the list of log files generated by the Linux and Windows server monitoring agent. The log files are stored in the same directory where the agent source file is installed. By default they are at: For Linux : ...APM Insight agent log paths
Folder path to view One agent logs One agent logs can be found only in the common application folder in Windows (usually under C:\ProgramData from Vista onwards). Check the following folder path in Windows: C:\ProgramData\Site24x7APMOneAgent\Logs ...