Skip to content
/ auditdBroFramework Public

The Auditd Framework logs and applies security policy to linux auditd data

15 stars 6 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

set-element/auditdBroFramework

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

41 Commits
bro_policy
bro_policy
 
 
docs/images
docs/images
 
 
log_normalizer
log_normalizer
 
 
log_normalizer_DEPRECATED
log_normalizer_DEPRECATED
 
 
system_config
system_config
 
 
README.md
README.md
 
 

Repository files navigation

Directory structure looks like: bro_policy Former location of bro policy for digesting logs. Moved to it's own repo for now.

docs Just some pics to keep track of the data flow.

log_normalizer c-Based log normalizer script - see README for details. More docs coming...

log_normalizer_deprecated Python script to take the output from the auditd logs and make them somewhat more machine parsable. Please note that this program leaks memory badly based on some interactions between python < 3.3 and libc. Since the audit-libs-python.x86_64 package seems to have issues with python 3.x I have given up hope for this.

system_config Sample config files for the /etc/audit directory which will control the behavior of auditd (auditd.conf) and what will get recorded by the system reporting (audit.rules).

About

The Auditd Framework logs and applies security policy to linux auditd data

Resources

Readme
Activity

Stars

15 stars

Watchers

4 watching

Forks

6 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages