ADR-002: make central-logging + alerting controls concrete (ADR-018)

This commit is contained in:
sjat 2026-06-06 07:02:32 +02:00
parent 2894319f01
commit 30c6a93c28


@ -87,7 +87,9 @@ time. Each heading tags the threat(s) it primarily serves.
### Audit trail — *agent error, blast radius*
- `auditd` installed and running with a baseline ruleset
- Logs shipped to a central location if a log aggregation service is available
- Logs shipped to a central location in near-real-time — all logs to an on-cluster
Loki, plus a security-relevant subset write-only off-site to `askari` so the audit
trail survives host (and full-cluster) compromise (ADR-018)
### Mandatory access control — *blast radius*
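Review bot: the new bullet leaves "a security-relevant subset" undefined, so a reader of this checklist cannot tell which streams must reach `askari` (the `auditd` stream from the bullet above, auth logs, something else?); either enumerate the subset here or add an explicit pointer to where ADR-018 lists it. "Write-only" is the right property for an off-site copy that must survive cluster compromise, but the line says nothing about how it is enforced (an append-only/ingest-only credential on the `askari` side versus merely not reading it back); one clause stating the enforcement mechanism would make the control testable. "Near-real-time" also needs a bound, since the silence alert introduced in the next hunk has to pick a threshold consistent with it.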
@ -102,8 +104,9 @@ time. Each heading tags the threat(s) it primarily serves.
- **AIDE** file-integrity monitoring (required by the CIS Debian benchmark) — detects
unexpected changes to system files
- **Network IDS** — Suricata on OPNsense (planned; see STATUS.md / TODO)
- **Active alerting** wires AIDE, `auditd`, `fail2ban`, and Suricata into the
monitoring/alerting stack (planned; ties to the Loki/Grafana effort)
- **Active alerting** wires AIDE, `auditd`, `fail2ban`, and Suricata — plus
log-source-silence (a host that stops shipping) — into Grafana alerting on the
Loki/Grafana stack (ADR-018; planned)
## Secrets management — *agent error, opportunistic*
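Review bot: the "log-source-silence (a host that stops shipping)" alert has no stated threshold or scope (per host? per stream such as `auditd`?), and the Grafana alert cannot be written without one; suggest stating the window here or citing the ADR-018 value. Two of the listed inputs also depend on work that is still marked planned in the same list: Suricata on OPNsense is "(planned; see STATUS.md / TODO)" on the line above, and AIDE's output is not otherwise described as shipped to Loki, so alerting on AIDE and Suricata cannot land until those sources actually reach the Loki/Grafana stack; consider noting the dependency or ordering so "planned" here is not read as independently actionable.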