ADR-002: make central-logging + alerting controls concrete (ADR-018)
parent 2894319f01
commit 30c6a93c28
1 changed files with 6 additions and 3 deletions
@ -87,7 +87,9 @@ time. Each heading tags the threat(s) it primarily serves.
### Audit trail — *agent error, blast radius*
- `auditd` installed and running with a baseline ruleset
- Logs shipped to a central location if a log aggregation service is available
- Logs shipped to a central location in near-real-time — all logs to an on-cluster
Loki, plus a security-relevant subset write-only off-site to `askari` so the audit
trail survives host (and full-cluster) compromise (ADR-018)
### Mandatory access control — *blast radius*
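Review bot: the new line `Loki, plus a security-relevant subset write-only off-site to askari so the audit` leaves its two load-bearing terms undefined. "Write-only" is the property that makes the off-site copy survive the full-cluster compromise the bullet is written for, so the bullet (or ADR-018, which it cites) should say how it is enforced: a shipping credential on the cluster side that can append but not read, modify or delete, plus retention or immutability settings on `askari` that no cluster-held credential can change. Without that, an attacker who owns the cluster holds the same credential the shipper uses and can truncate the off-site trail as well. "Security-relevant subset" likewise needs an enumeration or a pointer to where it is defined (at minimum the `auditd` stream from the bullet above, auth and sudo logs, `fail2ban` and AIDE output would be the obvious candidates), because anything left out of the subset is by construction lost in exactly the scenario this line exists to cover. Minor: "near-real-time" could carry a number, since the gap between a compromise and the last shipped line is the window an attacker gets to scrub, and `askari` appears here for the first time in the visible text with no gloss, so a short parenthetical saying what it is would help a reader who has not opened ADR-018.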
@ -102,8 +104,9 @@ time. Each heading tags the threat(s) it primarily serves.
- **AIDE** file-integrity monitoring (required by the CIS Debian benchmark) — detects
unexpected changes to system files
- **Network IDS** — Suricata on OPNsense (planned; see STATUS.md / TODO)
- **Active alerting** wires AIDE, `auditd`, `fail2ban`, and Suricata into the
- **Active alerting** wires AIDE, `auditd`, `fail2ban`, and Suricata — plus
monitoring/alerting stack (planned; ties to the Loki/Grafana effort)
log-source-silence (a host that stops shipping) — into Grafana alerting on the
Loki/Grafana stack (ADR-018; planned)
## Secrets management — *agent error, opportunistic*
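Review bot: the new `log-source-silence (a host that stops shipping)` alert is wired `into Grafana alerting on the Loki/Grafana stack`, i.e. onto the cluster itself, but the previous hunk justifies the off-site copy with a full-cluster compromise; in that scenario the on-cluster Grafana is the component that has gone quiet, so it cannot be the detector of its own silence. The bullet should state that the heartbeat or silence check for the off-site stream is evaluated on the receiving side (`askari`) or by an independent monitor, with Grafana covering per-host silence for the on-cluster Loki stream only; otherwise the survives-full-cluster-compromise claim in ADR-018 has a detection gap at the point where it matters most. Style: "Grafana alerting on the Loki/Grafana stack" names Grafana twice; something like "into Grafana alerting (Loki/Grafana stack; ADR-018; planned)" reads cleaner. Also, both this bullet and the Suricata bullet above are marked planned, so the alert wiring for Suricata depends on another planned item; an explicit ordering in STATUS.md / TODO would make that visible.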