Support

SYSTEM REQUIREMENTS & GUIDE

Deployment documentation for standalone, air-gapped workstations.

1. Platform Specifications

Supported Operating Systems

  • Windows: 10 (32/64-bit) & 11 (64-bit)
  • Linux (RPM): RHEL 7, 8, 9, 10
  • Linux (DEB): Debian 11+, Ubuntu 20.04+, Kali

Hardware Requirements

  • Disk Space: 500 MB minimum (+100 MB/week for archival)
  • RAM: 4 GB minimum recommended
  • Connectivity: None required (Air-Gap Native)

2. Pre-Installation Configuration

Crucial: You must enable specific auditing policies on the host OS before installation. If these are not configured, the “Watcher” service will not detect security events.

A. Windows Configuration

Run the following in an Administrator Command Prompt to enable Event IDs 4624, 4625, 4663, 6005, 1102.

1. Enable Logon/Logoff
auditpol /set /subcategory:"Logon" /success:enable /failure:enable
auditpol /set /subcategory:"Logoff" /success:enable /failure:enable
2. Enable Object Access
auditpol /set /subcategory:"File System" /success:enable /failure:enable

*Note: File System auditing only records access to objects that carry a SACL. Apply SACLs to the specific folders you wish to monitor.

3. Enable System Integrity
auditpol /set /subcategory:"System Integrity" /success:enable /failure:enable
auditpol /set /subcategory:"Audit Policy Change" /success:enable /failure:enable

B. Linux Configuration

Configure auditd to catch syscalls (RHEL & Debian).

1. Start Daemon
systemctl enable auditd
systemctl start auditd
2. Update audit.rules
# Capture USB/Media mounting
-a always,exit -F arch=b64 -S mount -F auid>=1000 -F auid!=4294967295 -k media_mount
# Capture Sudo/Execution
-a always,exit -F arch=b64 -S execve -k root_action
# Monitor Bash History deletion
-w /home/ -p wa -k shell_history_tamper

Run augenrules --load to apply.
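
To confirm the rules above are actually loaded before installing, the following added example (not part of the vendor's documentation) checks an auditctl -l listing for the three rule keys. It assumes the listing format current auditctl prints; the --live flag and the sample listings are constructed for this example.

```shell
#!/bin/sh
# Added example (not vendor code): verify the page's three audit keys loaded.
REQUIRED_KEYS="media_mount root_action shell_history_tamper"

# Read an `auditctl -l` listing on stdin; print the required keys that no
# loaded rule carries. auditctl lists a syscall rule's key as "-F key=NAME"
# and a watch's key as "-k NAME", so both spellings are accepted. Lines that
# do not start with -a/-w (comments, "No rules") never count as a match.
missing_audit_keys() {
    listing=$(cat)
    missing=""
    for key in $REQUIRED_KEYS; do
        if ! printf '%s\n' "$listing" |
            grep -Eq -- "^-[aw] .*(-k |-F key=)${key}( |\$)"; then
            missing="${missing}${missing:+ }${key}"
        fi
    done
    printf '%s' "$missing"
}

# Constructed samples in the format `auditctl -l` prints (not real host output).
SAMPLE_OK='-a always,exit -F arch=b64 -S mount -F auid>=1000 -F auid!=-1 -F key=media_mount
-a always,exit -F arch=b64 -S execve -F key=root_action
-w /home -p wa -k shell_history_tamper'
SAMPLE_PARTIAL='-a always,exit -F arch=b64 -S execve -F key=root_action'

# --live (hypothetical flag of this script) checks the running host as root;
# with no argument the script runs offline on the constructed samples.
if [ "${1:-}" = "--live" ]; then
    gaps=$(auditctl -l | missing_audit_keys)
    if [ -n "$gaps" ]; then
        echo "Missing audit keys: $gaps" >&2
        exit 1
    fi
    echo "All required audit keys are loaded"
else
    echo "complete sample, missing: '$(printf '%s\n' "$SAMPLE_OK" | missing_audit_keys)'"
    echo "partial sample, missing: '$(printf '%s\n' "$SAMPLE_PARTIAL" | missing_audit_keys)'"
fi
```

Run it as root with --live after augenrules --load; a non-zero exit means at least one rule the Watcher service depends on did not load.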

3. Installation Instructions

A. Windows

  • Run Installer: Launch the .exe. It automatically detects architecture (32/64-bit).
  • Service: Registers PicoAuditSvc as LocalSystem.
  • User Groups: Creates local group auditors.
    Action Required: Manually add your Auditor user accounts to the auditors group. Users NOT in this group cannot launch the dashboard.
  • First Run: Launch Pico Audit to create the hardware baseline.

B. Linux (RHEL & Debian)

1. Install Package
# For RHEL 7, 8, 9, 10
sudo rpm -ivh PicoAuditSetup.rpm
# For Debian / Ubuntu / Kali
sudo dpkg -i PicoAuditSetup.deb
sudo apt-get install -f # (If dependencies missing)
  • Service: Daemon configured to run as Root.
  • SELinux/AppArmor: Contexts applied automatically.
2. Add User to Group
usermod -aG auditors <username>

4. Licensing & Activation

1. Launch & Trial
Upon first launch, you are in Trial Mode (30 Days).

2. Get Hardware ID
Go to the Settings tab and copy your Machine Hardware ID.

3. Generate Code
Enter the ID in the User Portal to get your code.

4. Unlock
Enter the Activation Code (e.g., ABCD-EFGH) to activate.