2017.06.19 23:55, Steve Grubb wrote:
I have released the audit-explorer shiny app that I have been demo'ing this
spring:

https://github.com/stevegrubb/audit-explorer

Very nice, thanks for sharing!

Now if we are talking about tools, is there somewhere (maybe on your shelf? :-) ) a conveniently configurable tool for generating daily plaintext (or HTML) reports that could be sent via email from the machine you are interested in?

For example, I had to build a custom bash script at work that uses ausearch, aureport and even grep (for AppArmor events, since it has issues with its audit messages) to aggregate the most interesting audit records (for example, with -k apache_user_executed_binaries, non-root executed something as root, failed logins and such) and sends it via email every day.

Though it is not that complicated to fill your .sh with a bunch of ausearch/aureport/grep calls, it feels like I'm reimplementing something...

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
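
A sketch of the kind of daily digest script the message above describes, as an added example that is not part of the original post or of the audit project's own code. The script name, the default log path and the section titles are assumptions; the only audit key used is the one named in the message.

```shell
#!/bin/sh
# Added example: print a daily audit digest; from cron, pipe it to mail(1), e.g.
#   audit-digest.sh | mail -s "audit digest" root    (script name is hypothetical)
START=${START:-yesterday}
END=${END:-today}
# Keys are whatever your own -k rules set; this one is the key named in the post.
KEYS=${KEYS:-apache_user_executed_binaries}
AUDIT_LOG=${AUDIT_LOG:-/var/log/audit/audit.log}   # assumed default log path

# section TITLE CMD [ARGS...]: run CMD and print its output under a heading.
# ausearch exits non-zero with "<no matches>" when nothing was found, and grep
# exits 1 with no output; both are reported as an empty section, not an error.
section() {
    title=$1; shift
    printf '== %s ==\n' "$title"
    if ! command -v "$1" >/dev/null 2>&1; then
        printf '(%s not installed)\n\n' "$1"
        return 0
    fi
    rc=0
    out=$("$@" 2>&1) || rc=$?
    case $out in
        ''|*'<no matches>'*) printf '(no events)\n\n' ;;
        *)  [ "$rc" -eq 0 ] || printf '(exit status %s)\n' "$rc"
            printf '%s\n\n' "$out" ;;
    esac
    return 0
}

build_report() {
    printf 'Audit digest for %s, %s to %s\n\n' "$(uname -n)" "$START" "$END"
    # --input-logs: under cron stdin is not a terminal, so without it ausearch
    # and aureport would try to read events from stdin instead of the logs.
    for key in $KEYS; do
        section "Events with key $key" \
            ausearch --input-logs -i -k "$key" -ts "$START" -te "$END"
    done
    section "Failed logins" \
        aureport --input-logs -l --failed -i -ts "$START" -te "$END"
    section "Failed authentications" \
        aureport --input-logs -au --failed -i -ts "$START" -te "$END"
    # AppArmor denials are grepped from the raw log (all dates in that file).
    section "AppArmor denials" grep -F 'apparmor="DENIED"' "$AUDIT_LOG"
}

build_report
```

A section whose tool fails (for example ausearch run without permission to read the logs) shows the exit status and the error text in the mail instead of silently dropping out of the report.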
