auditd on builders #50

New issue

Open

opened 2024-07-09 23:19:40 +00:00 by raito · 2 comments

raito commented 2024-07-09 23:19:40 +00:00

Owner

Copy link

(Low priority)

Figuring out a simple auditd configuration for builders and ship it to meta01 or similar for further review/forensics would be great.

**(Low priority)** Figuring out a **simple** auditd configuration for builders and ship it to meta01 or similar for further review/forensics would be great.

emilylange commented 2024-07-10 12:05:47 +00:00

Member

Copy link

Plain auditd, or something much nicer and easier to read and still fairly simple like https://github.com/threathunters-io/laurel?

We could collect laurel's json logs via Grafana Agent and sent them to Loki.

Plain auditd, or something much nicer and easier to read and still fairly simple like https://github.com/threathunters-io/laurel? We could collect laurel's json logs via Grafana Agent and sent them to Loki.

raito commented 2024-07-10 13:16:12 +00:00

Author

Owner

Copy link

I would go for Laurel personally, yes.

I would go for Laurel personally, yes.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

cache-ipv4

format

channel-scripts

acls

hexchen/colmena-checker

hexy/credentials

buildbot

ckie/moarr-v4

gerrit-metrics

moar-builders

unplug-epyc

hydra-wire-up

alertmanager

fodwatch

cadvisor-containers

gerrit-http-clones

meta01

No results found.

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

2 participants

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: the-distro/infra#50

No description provided.