- Add CIS audit rules for system events monitoring
- Configure rsyslog for centralized security logging
- Implement logrotate for 365-day retention
- Add AIDE file integrity monitoring configuration

Audit Rules Coverage:
- System calls monitoring
- Privileged command execution
- File access and modification
- User/group information changes
- Network configuration changes
- Cron and service management
- Login and session events

Logging Features:
- Separate logs for security, admin, access, change events
- Rate limiting to prevent log flooding
- RFC 5424 format compliance
- Secure file permissions (0640)

File Integrity Monitoring:
- AIDE daily integrity checks
- Monitor critical system files and directories
- Exclude volatile filesystems (/proc, /sys, /tmp)
- Automated integrity verification

Compliance:
- CIS Benchmark 4.1: Audit and Accountability
- CMMC Level 3: AU domain (Audit and Accountability)
- FedRAMP Moderate: AU controls

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>
3.4 KiB