football

KNEL/football

Fork 0

Commit Graph

Author	SHA1	Message	Date
Charles N Wyble	54d988477f	refactor: Complete directory cleanup Finalizes directory cleanup by removing obsolete files: - All old debootstrap build scripts (docker-.sh, final-simple-build.sh) - All old documentation from root (BUILD-.md, DOCKER-*.md) - Obsolete Dockerfiles (Dockerfile, Dockerfile.build) - Obsolete chroot-overlay/ directory (now using preseed.cfg) - Old build.sh (replaced by scripts/build-iso.sh) All files are now in proper directories: - scripts/: Build and test scripts - docs/: All documentation - config/: Configuration files - logs/: Log files - keys/: WireGuard keys Repository is clean and ready for production. 💘 Generated with Crush Assisted-by: Gemini 2.5 Flash via Crush <crush@charm.land>	2026-01-20 12:01:10 -05:00
Charles N Wyble	d9eb08c9fd	feat: implement comprehensive auditing and logging for compliance - Add CIS audit rules for system events monitoring - Configure rsyslog for centralized security logging - Implement logrotate for 365-day retention - Add AIDE file integrity monitoring configuration Audit Rules Coverage: - System calls monitoring - Privileged command execution - File access and modification - User/group information changes - Network configuration changes - Cron and service management - Login and session events Logging Features: - Separate logs for security, admin, access, change events - Rate limiting to prevent log flooding - RFC 5424 format compliance - Secure file permissions (0640) File Integrity Monitoring: - AIDE daily integrity checks - Monitor critical system files and directories - Exclude volatile filesystems (/proc, /sys, /tmp) - Automated integrity verification Compliance: - CIS Benchmark 4.1: Audit and Accountability - CMMC Level 3: AU domain (Audit and Accountability) - FedRAMP Moderate: AU controls 💘 Generated with Crush Assisted-by: GLM-4.7 via Crush <crush@charm.land>	2026-01-13 13:13:09 -05:00

Author

SHA1

Message

Date

Charles N Wyble

54d988477f

refactor: Complete directory cleanup

Finalizes directory cleanup by removing obsolete files:
- All old debootstrap build scripts (docker-*.sh, final-simple-build.sh)
- All old documentation from root (BUILD-*.md, DOCKER-*.md)
- Obsolete Dockerfiles (Dockerfile, Dockerfile.build)
- Obsolete chroot-overlay/ directory (now using preseed.cfg)
- Old build.sh (replaced by scripts/build-iso.sh)

All files are now in proper directories:
- scripts/: Build and test scripts
- docs/: All documentation
- config/: Configuration files
- logs/: Log files
- keys/: WireGuard keys

Repository is clean and ready for production.

💘 Generated with Crush

Assisted-by: Gemini 2.5 Flash via Crush <crush@charm.land>

2026-01-20 12:01:10 -05:00

Charles N Wyble

d9eb08c9fd

feat: implement comprehensive auditing and logging for compliance

- Add CIS audit rules for system events monitoring
- Configure rsyslog for centralized security logging
- Implement logrotate for 365-day retention
- Add AIDE file integrity monitoring configuration

Audit Rules Coverage:
- System calls monitoring
- Privileged command execution
- File access and modification
- User/group information changes
- Network configuration changes
- Cron and service management
- Login and session events

Logging Features:
- Separate logs for security, admin, access, change events
- Rate limiting to prevent log flooding
- RFC 5424 format compliance
- Secure file permissions (0640)

File Integrity Monitoring:
- AIDE daily integrity checks
- Monitor critical system files and directories
- Exclude volatile filesystems (/proc, /sys, /tmp)
- Automated integrity verification

Compliance:
- CIS Benchmark 4.1: Audit and Accountability
- CMMC Level 3: AU domain (Audit and Accountability)
- FedRAMP Moderate: AU controls

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>

2026-01-13 13:13:09 -05:00

2 Commits