feat: implement comprehensive auditing and logging for compliance

- Add CIS audit rules for system events monitoring
- Configure rsyslog for centralized security logging
- Implement logrotate for 365-day retention
- Add AIDE file integrity monitoring configuration

Audit Rules Coverage:
- System calls monitoring
- Privileged command execution
- File access and modification
- User/group information changes
- Network configuration changes
- Cron and service management
- Login and session events

Logging Features:
- Separate logs for security, admin, access, change events
- Rate limiting to prevent log flooding
- RFC 5424 format compliance
- Secure file permissions (0640)

File Integrity Monitoring:
- AIDE daily integrity checks
- Monitor critical system files and directories
- Exclude volatile filesystems (/proc, /sys, /tmp)
- Automated integrity verification

Compliance:
- CIS Benchmark 4.1: Audit and Accountability
- CMMC Level 3: AU domain (Audit and Accountability)
- FedRAMP Moderate: AU controls

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>
Charles N Wyble
2026-01-13 13:13:09 -05:00
parent 1d74ae7ff1
commit d9eb08c9fd
4 changed files with 564 additions and 0 deletions

@@ -0,0 +1,155 @@
# CIS Benchmark - AIDE Configuration
# File Integrity Monitoring for CMMC/FedRAMP compliance
# Database location
database=file:/var/lib/aide/aide.db
database_out=file:/var/lib/aide/aide.db.new
# Default configuration
All=p+i+n+u+g+s+m+c+md5+sha1+tiger+rmd160
# Define file types
Normal=p+i+n+u+g+s+m+c+md5+sha1
Binaries=p+i+n+u+g+s+m+c+md5+sha1+tiger+rmd160
Config=p+i+n+u+g+s+m+c+md5+sha1+acl+xattrs
Logs=p+i+n+u+g+s+m+c+md5+sha1+acl+xattrs+selinux
Dynamic=p+i+n+u+g+s+m+c+md5+sha1+acl+xattrs+selinux
# ============================================================================
# Directories to Monitor (CIS 4.2.2)
# ============================================================================
# System binaries
/bin All
/sbin All
/usr/bin All
/usr/sbin All
/usr/local/bin All
/usr/local/sbin All
# System configuration
/etc Config
# Libraries
/lib All
/lib64 All
/usr/lib All
/usr/lib64 All
/usr/local/lib All
# Kernel modules
/lib/modules Binaries
# Boot files
/boot Config
# System services
/etc/systemd Config
/lib/systemd Binaries
# Security configuration
/etc/pam.d Config
/etc/security Config
# Network configuration
/etc/network Config
/etc/wireguard Config
# Firewall rules
/etc/iptables Config
# Audit configuration
/etc/audit Config
# AppArmor profiles
/etc/apparmor Config
# Sudo configuration
/etc/sudoers Config
/etc/sudoers.d Config
# ============================================================================
# Directories to Exclude (due to high volatility)
# ============================================================================
!/proc
!/sys
!/dev
!/tmp
!/var/tmp
!/run
!/var/run
# Exclude logs (monitored separately)
!/var/log
# Exclude spool directories
!/var/spool
# Exclude cache
!/var/cache
# Exclude lock files
!/var/lock
# Exclude AIDE database
!/var/lib/aide/aide.db
# Exclude volatile system files
!/etc/mtab
!/etc/fstab.backup
# Exclude user-specific volatile files
!/home/user/.cache
!/home/user/.local/share/Trash
# Exclude IceWM and Remmina cache
!/home/user/.icewm/.cache
!/home/user/.local/share/remmina/*.log
# ============================================================================
# Monitor critical system files for compliance
# ============================================================================
# Password and shadow files
/etc/passwd Normal
/etc/shadow Config
/etc/group Normal
/etc/gshadow Config
# Login configuration
/etc/login.defs Config
/etc/securetty Config
# Hosts configuration
/etc/hosts Config
/etc/hostname Config
# Time configuration
/etc/localtime Config
/etc/timezone Config
# Cron configuration
/etc/crontab Config
# Startup scripts
/etc/init.d Config
# Package management
/var/lib/dpkg Config
# Kernel parameters
/etc/sysctl.d Config
# ============================================================================
# Additional Security Rules
# ============================================================================
# Monitor for SUID/SGID files
+s+a+xattr
# Monitor for world-writable files
+dir+w+u+g+s
# Monitor for SUID root files
All=p+i+n+u+g+s+m+c+md5+sha1+tiger+rmd160+xattrs
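Review bot: The three "Additional Security Rules" lines at the end of the file do not parse as AIDE configuration and will make the config fail to load. `+s+a+xattr` and `+dir+w+u+g+s` match none of AIDE's line forms (a `name=attrs` group definition, or a selection line beginning with `/`, `!` or `=`), `xattr` is not an attribute name (the attribute is `xattrs`), and `dir` and `w` are not attributes at all; an attribute list on its own also cannot express "find SUID/SGID files" or "find world-writable files", which is what the comments promise. The `p` and `s` attributes already present in every group record permission bits, so a mode or SUID change on any monitored path is reported without these lines, and they can simply be dropped. The final `All=p+i+n+u+g+s+m+c+md5+sha1+tiger+rmd160+xattrs` redefines the `All` group that `/bin All` and the other selection lines have already used; keep a single definition (with `+xattrs` if that is wanted) at the top beside `Normal`, `Binaries` and `Config`. Two smaller points: every group relies on md5+sha1+tiger+rmd160 while AIDE also supports sha256 and sha512, which are the checksums a CMMC/FedRAMP evidence trail should be built on, so consider replacing md5+sha1 with sha256+sha512 across the groups; and `!/var/lib/aide/aide.db` excludes the current database but not the `aide.db.new` written to `database_out`, so the check will flag its own output unless `!/var/lib/aide` or both filenames are excluded. Running `aide --config-check` against the file before merging will surface the parse errors directly.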