Site24x7 Linux Agent modifications to "/etc/passwd" and "/etc/shadow" files - FIM Events
Scenario
You may see the Site24x7 Linux agent modifying files associated with the operating system.
Reason
The /etc/passwd and /etc/shadow files are critical operating system files that store user account information on a server. The Site24x7 Linux agent interacts with these files specifically to manage the site24x7-agent user account, which is essential for its proper functioning and security.
The Site24x7 Linux agent will modify the /etc/passwd and /etc/shadow files exclusively for the site24x7-agent user under the following circumstances:
- Upon installation of the Site24x7 Linux agent on a server, the agent utilizes the useradd command to create the dedicated site24x7-agent user. This action results in the creation of a new entry for the site24x7-agent user, including its details, within both the /etc/passwd and /etc/shadow files.
- When the Site24x7 Linux agent is upgraded to version 19.6.0 or any subsequent version from an older release, a modification occurs in the /etc/passwd file. The purpose of this modification is to change the "site24x7-agent" user's login shell to /sbin/nologin. This change enhances security by preventing direct interactive logins for the agent user, a feature supported from the Linux agent version 19.6.0 onwards.
- During the uninstallation process of the Site24x7 Linux agent, the agent executes the "userdel" command to remove the "site24x7-agent" user account from the server. The execution of the "userdel" command subsequently modifies both the /etc/passwd and /etc/shadow files to remove the corresponding user entries.
All modifications detailed above are strictly limited to the "site24x7-agent" user. This is because the agent specifically invokes the "useradd" and "userdel" utilities with the "site24x7-agent" username specified, ensuring that no other user accounts are affected.
Action
No action is required from your end.
Related Articles
How to uninstall the Site24x7 Windows Server Monitoring Agent
Method 1: To uninstall the Site24x7 Windows Server Monitoring Agent, click the link below: https://staticdownloads.site24x7.com/server/Site24x7WindowsAgentUninstall.zip Unzip and execute the Uninstall.bat file in the Command Prompt as an ...How to generate a HAR file?
HTTP Archive (HAR) stores all web requests made by the browser, including: The request and response headers and bodies. Connection, response, and download times. Failed requests or network errors. HAR files help troubleshoot issues related to speed, ...Bundled .NET and .NET Core agents in a single MSI
In APM Insight .NET agent version 6.8.0, the .NET and .NET Core agents have been bundled into a single MSI, enabling unified monitoring of both application types. Upgrade requirements for .NET Core agent 6.7 and below If you're using .NET Core agent ...How to retrieve logs from different Site24x7 monitors
The log location varies with different agents and monitors. View a consolidated list here: Site24x7 Server Monitoring agent Monitor or module OS Directory, path, or command Detailed reference Server Monitoring Agent Windows Installation directory > ...How to identify and resolve conflicts between other APM products and the APM Insight .NET agent
Problem statement: You are experiencing either of the below issues and suspect that another APM product is interfering with the Site24x7 .NET agent. 1. The .NET monitor is not created under APM > APM Insight > Applications, even after the .NET agent ...