Linux Agent Features

The Linux agent is a component of a security and monitoring system that installs onto a Linux workstation. The agent logs all user actions, analyzes the network and file traffic, controls devices and applications used.

The built-in DLP module ensures protection from data leaks. This module intercepts potentially dangerous operations such as copying confidential files or transferring information via unsanctioned channels.

A flexible rule system allows you to accurately configure agent behaviour to align with your organization’s security policies.

Agent Management

Feature

Description

Web interface

Configure data collection rules via the web UI.
See Computer configurations.

Configuration file

Set up logging and monitoring via a config file.

Command line

Manage agents via the command line.

Gentoo ebuild package

Install an agent using the Gentoo package manager.

Remote control

Control workstation agents without physical access.

Activity Monitoring

Feature

Description

Screenshots

Capture screenshots:

* on a timer, to monitor activity continuously, without relying on mouse or keyboard movements
* when switching between applications or windows
* conditionally, such as when opening a browser

You can configure the screenshot color depth and compression to save disk space.

Time tracking

Track time spent in applications.
Label user activity as productive, unproductive, or neutral.

Keylogger

Log keystrokes, including input from secure fields and terminals.

Command history

Record Shell, Bash, Zsh commands.

Shell sessions

Save terminal sessions as text or GIF recordings.

Clipboard

Capture text, images, passwords, and other clipboard data.

Audio recording

Record audio continuously or conditionally (such as when a user opens Zoom)

Camera

Take webcam photos on a schedule or based on triggers (e.g., app launches).

Log in/log out

Record users logging in/out of the system, including SSH sessions.

Print (CUPS)

Capture printing commands sent via CUPS.

Screen recorder

Record video of the user’s desktop.

File Control

Feature

Description

File operations

Capture file operations: create, copy, save, delete.

Shadow copies

Create shadow copies of files captured via file operations.

File scanner

Check file contents. For example, you can search for files containing passport or bank card information.

External Device Control

Feature

Description

USB devices

Record connected USB devices.

USB blocking

Limit the USB devices allowed to connect to a workstation using lists.

Internet Activity Control

Feature

Description

Browser history

Record visited sites, visit time, time spent.
Supports Firefox, Chrome, Vivaldi.

Site blocking

Limit access to listed sites.

SNAP support

Monitor browsers installed via SNAP packages. Ensures monitoring of non-standard environments.

Network Monitoring

Feature

Description

Network traffic capture

IMAP, POP3, POST requests, SMTP output.

Outgoing TCP and SSL/TLS sessions

Record TCP connections and TLS/SSL sessions.

STARTTLS support

Capture email content.

STARTTLS is a protocol that turns on email traffic encryption after a server connection is established.

The agent captures traffic before STARTTLS is activated, when the data is transferred openly.

Port monitoring

Configure monitoring of standard and non-standard ports.

Data Capture

Feature

Description

Mail clients

Supports: Thunderbird, Akonadi, Evolution, Geary, Р7-Office.Organizer.

Messengers

Supports:

  • Telegram — desktop

  • VK mail, VK Teams — chat and file capture

Business services

Bitrix — web and desktop versions.
Chat and file capture.

Cloud storage

Supports Nextcloud, Owncloud, OneDrive, Yandex.Disk.
Captures uploaded and downloaded files.

Application Attributes

Feature

Description

Window names and icons

Record window titles.
For example: Microsoft Word — report.docx.
The icons are saved for a visual comparison with the applications.