Agent Components

On Audited UNIX computers

To enable auditing for Linux and UNIX computers, you must install the Delinea Agent for *NIX on the computers you want to audit and make sure the computers are joined to an Active Directory domain. Joining a domain is required to ensure that authentication and authorization services are provided by Active Directory. To enable auditing on a computer, the Delinea Agent for *NIX includes the following components:

  • dad—the core auditing service that collects the audit data and either sends it to a collector or spools it locally until a collector is available.
  • cdash—the UNIX shell wrapper that intercepts all user traffic and sends it to the dad process.
  • dacontrol, dainfo, dareload, and other command-line programs that enable you to manage agent operations from a login shell.
  • dax—the audit service that records graphical user interface sessions on xWindows computers. Consult the release notes for which xWindows versions are supported.

If you're auditing only shell sessions on a UNIX computer: after you enable auditing on a computer, the agent captures all output (stdout), error messages (stderr), and user input (stdin) except for passwords. By default, the agent captures user input even if a user runs commands with echo turned off. For example, if a user logs on, then runs echo off before typing the sudo command, the auditing service captures the sudo entry as part of the user’s session.

If you're auditing xWindows sessions: the agent captures all windows that a user opens and which user interface items the user interacts with. For web browser applications, the agent captures the title of the web page but not any activity within the web page.

On Audited Windows Computers

To enable auditing for Windows computers, you must install the Delinea Agent for Windows on the computers you want to audit and make sure the computers are joined to an Active Directory domain. Joining a domain is required to ensure that authentication and authorization services are provided by Active Directory. If you enable auditing for the Delinea Agent for Windows, the agent includes the following components:

  • wdad—the Windows audit data collection service.
  • wash—the Windows service that intercepts all user traffic and sends it to the Windows audit data collection service.
  • The Agent Control Panel—an applet that enables you to configure and manage the agent.

For example, you can use the Agent Control Panel to configure the color depth of audit data to achieve the desired balance between playback screen resolution and audit store database size.