Sudo commands allow the user to execute an action as a superuser. When a user performs this action in a Linux terminal, ThreatLocker logs it in the Unified Audit as an ‘Elevate’ Action Type.
On a Windows machine, the ‘Elevate’ action type signifies a user gaining elevated privileges, but Linux machines do not operate the same way. Instead, when a Linux machine shows the ‘Elevate’ action type, the Unified Audit is informing you that a user has run the sudo command. Additionally, it saves the user from having to repeatedly type the sudo password when running a sudo command.
This feature only works with file paths and does not work with hashes.