sudo: using sudo is technically a relevant security event, but if the user already has root privileges, it cannot result in privilege escalation, so that event is automatically approved.
/etc, /bin, /sbin, /boot, /usr/bin, /usr/sbin.
Note that Aptible also monitors changes to files under these directories in real time. If they change, HIDS generates a file integrity alert.
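A baseline-and-compare integrity check over the directories listed above, added here as an example; it is not Aptible's HIDS code, and it compares two point-in-time snapshots rather than monitoring in real time. The names `WATCHED`, `snapshot` and `diff` are assumptions made for illustration.

```python
import hashlib
import os

# Directories named on this page; any other roots can be passed in instead.
WATCHED = ["/etc", "/bin", "/sbin", "/boot", "/usr/bin", "/usr/sbin"]


def snapshot(roots):
    """Map every file under roots to a SHA-256 digest (or link target)."""
    state = {}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                if os.path.islink(path):
                    # Record where the link points, not the target's content,
                    # so a re-pointed symlink shows up as a modification.
                    state[path] = "link:" + os.readlink(path)
                    continue
                if not os.path.isfile(path):
                    continue  # skip FIFOs, sockets and device nodes
                try:
                    digest = hashlib.sha256()
                    with open(path, "rb") as fh:
                        for chunk in iter(lambda: fh.read(65536), b""):
                            digest.update(chunk)
                    state[path] = digest.hexdigest()
                except OSError:
                    # Unreadable or removed mid-walk: still track the path.
                    state[path] = "unreadable"
    return state


def diff(baseline, current):
    """Return sorted (kind, path) alerts between two snapshots."""
    alerts = []
    for path in baseline.keys() | current.keys():
        if path not in baseline:
            alerts.append(("added", path))
        elif path not in current:
            alerts.append(("removed", path))
        elif baseline[path] != current[path]:
            alerts.append(("modified", path))
    return sorted(alerts)
```

Store the baseline somewhere the monitored host cannot rewrite, otherwise a change to the watched files can be hidden by changing the baseline with it.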