Distributed Audit / Log Shipping Daemon
The shipping daemon will deliver the audit trails generated through the network to a master system, that will admin the trails to have the auditing centralized, ease to admin and practical. The admin will have all the trails in one system and can do the security auditing in one system (perhaps a special system to keep the auditing). Some mechanisms as SHA256 checksum and cryptographic features will be implemented to guarantee the integrity of the delivery system.
- May 24th - Jun 6th
Code the shippd daemon and modify auditd to call it when a trail is finalized.
- Jun 7th - Jun 27th
Code the features of shipd daemon that will communicate with the master system, also, code the master daemon that will receive the files. In this phase, SHA256 checksum will be implemented (as well as file listings comparison).
- Jun 28th, Jul 4th
Do the master work, this is, receive the files and perform the appropiate pathing, and the right naming (to prevent duplicates when errors occurs).
- Jul 5th, Jul 16th
Perform the mid-term prep testing.
- Jul 17th, Jul 31st
Implement SSL in the network communication
- Aug 1st, Aug 8th
Perform the final testing.
- Aug 9th, Aug 16th
Document the tool.
The project is already finished, it includes now:
The shipd daemon is working and has been tested in a small network, this daemon:
- perform sync based on any of the three "panic levels"
- when panic level is 2, the daemon only synchronize the latest trails
- when panic level is 3, the daemon checks for all trails
- connects with damasterd daemon, ask if there is a trail in master's and send those missing
The damasterd daemon is working and has been tested in a small network, this daemon:
- checks if the trails are in master's
- according to the parameters, it either search/creates trails under slave's root directory or create a directory per each host
- if the SHA256 checksum for a trail isn't equal, the daemon assumes there is no such trail and then the shipd daemon will send it again
- the naming convention of the trails, in an example:
- trail_init .trail_end .host .date/time received
* SSL encryption
integrate with current audit (using audit_warn or modifying auditd)
implement SSL in network communication
define the location of the parameters (maybe audit_control or maybe another config file) and arrange the naming and comments
the doc (the file ideas.txt already has a lot of doc about the parameters)