AccessAudit is an extension to Linux instances to log all logins securely and tamperproof in in the immudb Vault immutable database for audit and forensic purposes. All logins are logged with rich metadata (IP, time, user, time etc.). A query tool is provided to query and serach the audit log in the database and export it.
AccessAudit allows server administrator, auditors etc. to provide a cryptographically strong, and tamperproof tally all accesses to their Linux instances.
First, create an account on https://vault.immudb.io and obtain an API key there.
AccessAudit is a script that will do the following for your local and remote Linux machines:
- Modify your rsyslog.conf so that all logins to your Linux instance will also be logged in immudb Vault. They will also continue to be stored in your local system, of course.
- Gives you a query tool to search immudb Vault for logins and related info and export values in CSV
| Feature | Supported |
|---|---|
| Debian/Ubuntu/Mint/Arch | ✅ |
| Red Hat/AlmaLinux/Rocky | ✅ |
| Obtains latest immudb | ✅ |
| Enables auto-start of db at boot | ✅ |
| Query tool with search for db | ✅ |
| SSL support | ✅ |
| Windows | ❌ |
| Extend to other event logging | Soon |
- Get the repo:
git clone git@github.com:moshix/AccessAudit.git
- Run the installation script
./install.bash
- Use the query program:
accessaudit last 5
or
accessaudit search moshix
If you experience problems during the install, check out the logs/ directory and then report an issue in this repo.
Moshix
July 18, 2024