ADR-002: make central-logging + alerting controls concrete (ADR-018)
This commit is contained in:
parent
2894319f01
commit
30c6a93c28
1 changed files with 6 additions and 3 deletions
@ -87,7 +87,9 @@ time. Each heading tags the threat(s) it primarily serves.
### Audit trail — *agent error, blast radius*
- `auditd` installed and running with a baseline ruleset
- Logs shipped to a central location if a log aggregation service is available
- Logs shipped to a central location in near-real-time — all logs to an on-cluster
Loki, plus a security-relevant subset write-only off-site to `askari` so the audit
trail survives host (and full-cluster) compromise (ADR-018)
### Mandatory access control — *blast radius*
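Review bot: the new audit-trail bullet says a "security-relevant subset" is shipped write-only off-site to `askari`, but it does not say which logs qualify or who decides, so the survivability claim in the same sentence cannot be checked from this document; either enumerate the subset here (at minimum the `auditd` stream from the bullet directly above, since that is the audit trail the heading is about) or point to the specific part of ADR-018 that defines it. The write-only property is the whole reason the off-site copy survives host and cluster compromise, so the bullet should also say what enforces it (for example a shipping credential that can append but not read or delete); as written, the reader cannot tell whether a compromised host could trim the trail it has just shipped.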
@ -102,8 +104,9 @@ time. Each heading tags the threat(s) it primarily serves.
- **AIDE** file-integrity monitoring (required by the CIS Debian benchmark) — detects
unexpected changes to system files
- **Network IDS** — Suricata on OPNsense (planned; see STATUS.md / TODO)
- **Active alerting** wires AIDE, `auditd`, `fail2ban`, and Suricata into the
monitoring/alerting stack (planned; ties to the Loki/Grafana effort)
- **Active alerting** wires AIDE, `auditd`, `fail2ban`, and Suricata — plus
log-source-silence (a host that stops shipping) — into Grafana alerting on the
Loki/Grafana stack (ADR-018; planned)
## Secrets management — *agent error, opportunistic*
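Review bot: the rewritten **Active alerting** bullet adds log-source-silence ("a host that stops shipping") as an alert condition but gives no silence window, so the alert cannot be implemented or tested from this text; state the threshold, or say explicitly that ADR-018 fixes it, so that a host that has stopped shipping can be told apart from one that is merely quiet. The bullet also still ends in "planned" while the **Network IDS** bullet two lines up points to STATUS.md / TODO for its status; use the same pointer here for consistency, and note that Suricata is itself still planned, so part of this alerting list depends on a source that does not yet exist.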