Monitoring with Addigy can have many benefits, such as being able to tell if someone is trying to initiate an SSH session into one of your users’ devices. Addigy allows for alerting and remediation.
Prerequisites:
There are two options to monitor Remote Login and Remote Access using Monitoring items:
Leveraging existing Device Facts
We already have Device Facts for both Remote Login and Remote Access. The device fact for Remote Login is called Remote Login Enabled and the device fact for Remote Access is called Remote Desktop Enabled. Both of these facts can be leveraged to create Monitoring Items. Therefore, it takes only two simple steps to start monitoring Remote Access and Remote Login with Addigy.
Create Monitoring Item for Remote Login
Create Monitoring Item for Remote Access
Creating a Custom Fact that monitors for both Remote Login and Remote Access
If you would rather have a single Monitoring Item that checks for both Remote Login and Remote Access, this can be achieved by creating a Custom Fact.
Remote Login can be checked using
/usr/sbin/systemsetup getremotelogin
Remote Access can be checked using
ps ax | grep -v grep | grep ARDAgent
As mentioned above, both commands can be combined into a single script to be used in a Custom Fact that can then be used in a Monitoring Item.
Please note: A monitoring item to check for Remote Access might result in false alerts, as it checks for the process and the process might stop running from time to time. Please keep this in mind if you decide to create this Monitoring Item.
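One way to combine the two commands above into a single Custom Fact script, as an added example rather than Addigy's own script. It assumes the script runs as root and that the fact's value is whatever the script prints; the function names and result strings are hypothetical.

```shell
#!/bin/sh
# Added example: combined Custom Fact for Remote Login + Remote Access.
# Assumption: the fact's value is the text this script prints on stdout.

# Interpret `systemsetup getremotelogin` output ("Remote Login: On" / "Off").
remote_login_state() {
    case "$1" in
        *"Remote Login: On"*)  echo "on" ;;
        *"Remote Login: Off"*) echo "off" ;;
        *)                     echo "unknown" ;;  # e.g. not run as root
    esac
}

# Interpret `ps ax` output: is the ARDAgent process present?
# `grep -v grep` drops any grep command line that mentions ARDAgent.
remote_access_state() {
    if printf '%s\n' "$1" | grep -v grep | grep -q ARDAgent; then
        echo "on"
    else
        echo "off"
    fi
}

# Collapse both checks into one value a Monitoring Item can match on.
# Anything unparseable becomes "Unknown" so it is not mistaken for "Disabled".
combined_fact() {
    login=$(remote_login_state "$1")
    access=$(remote_access_state "$2")
    case "$login/$access" in
        on/on)   echo "Remote Login and Remote Access enabled" ;;
        on/off)  echo "Remote Login enabled" ;;
        off/on)  echo "Remote Access enabled" ;;
        off/off) echo "Disabled" ;;
        *)       echo "Unknown" ;;
    esac
}

# Only query the system when the macOS tool is actually present.
if [ -x /usr/sbin/systemsetup ]; then
    combined_fact "$(/usr/sbin/systemsetup getremotelogin 2>&1)" "$(ps ax)"
fi
```

A Monitoring Item built on this fact can alert on any value other than "Disabled"; because the Remote Access half depends on the ARDAgent process being present, the false-alert caveat above applies to it as well.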