moshix / AccessAudit

An immutable Linux login access audit system

What is AccessAudit?

AccessAudit is an extension for Linux instances that logs all logins securely and tamperproof in the immudb Vault immutable database for audit and forensic purposes. All logins are logged with rich metadata (IP, time, user, etc.). A query tool is provided to query and search the audit log in the database and export it.

AccessAudit allows server administrators, auditors, etc. to provide a cryptographically strong and tamperproof tally of all accesses to their Linux instances.

How does AccessAudit Work?

First, create an account on https://vault.immudb.io and obtain an API key there.

AccessAudit is a script that will do the following for your local and remote Linux machines:

  1. Modify your rsyslog.conf so that all logins to your Linux instance will also be logged in immudb Vault. They will also continue to be stored in your local system, of course.
  2. Give you a query tool to search immudb Vault for logins and related info and export the values as CSV.
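
As an added illustration of the login metadata described above (this is not AccessAudit's own code), the following script extracts time, host, user, IP and auth method from sshd "Accepted" lines and emits one JSON document per login. The function name `logins_to_json`, the JSON field names, the sample lines and the traditional syslog timestamp layout are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not AccessAudit's own code): turn sshd "Accepted ..." syslog
# lines into one JSON document per login with the metadata the README lists.

# Constructed sample lines in the traditional syslog file format (assumption).
SAMPLE_LOG='Jul 18 09:14:02 web01 sshd[2211]: Accepted publickey for moshix from 203.0.113.7 port 50122 ssh2: ED25519 SHA256:CONSTRUCTED
Jul 18 09:15:40 web01 sshd[2230]: Failed password for invalid user admin from 198.51.100.23 port 40110 ssh2
Jul 18 09:16:11 web01 sshd[2244]: Accepted password for backup from 192.0.2.55 port 61000 ssh2'

# Reads syslog lines on stdin, prints one JSON object per successful login.
# Every field is checked against an allowlist before it is printed, so a
# crafted value cannot break out of the JSON string it is placed in.
# Lines that fail any check are skipped rather than partially emitted.
logins_to_json() {
  awk '
    $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Accepted" && $8 == "for" && $10 == "from" &&
    $1 ~ /^[A-Z][a-z][a-z]$/ && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9:]+$/ &&
    $4 ~ /^[A-Za-z0-9._-]+$/ && $7 ~ "^[a-z/-]+$" &&
    $9 ~ /^[A-Za-z0-9._-]+$/ && $11 ~ /^[0-9A-Fa-f:.]+$/ {
      printf "{\"time\":\"%s %s %s\",\"host\":\"%s\",\"user\":\"%s\",\"ip\":\"%s\",\"method\":\"%s\"}\n",
             $1, $2, $3, $4, $9, $11, $7
    }'
}

# Stand-alone run: print the documents for the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | logins_to_json
```

The traditional syslog timestamp carries no year or time zone, so an auditor comparing these documents across hosts needs that context from elsewhere.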

Features

Feature Supported
Debian/Ubuntu/Mint/Arch
Red Hat/AlmaLinux/Rocky
Obtains latest immudb
Enables auto-start of db at boot
Query tool with search for db
SSL support
Windows
Extend to other event logging Soon

How To Install AccessAudit

  1. Get the repo:

git clone git@github.com:moshix/AccessAudit.git

  2. Run the installation script:

./install.bash

  3. Use the query program:

accessaudit last 5

or

accessaudit search moshix

If you experience problems during the install, check out the logs/ directory and then report an issue in this repo.

Moshix
July 18, 2022

License: GNU General Public License v3.0


Languages: Shell 80.1%, Go 19.9%