
EPIC: Define & Implement Access Auditing Policy & Tools

Open steelhead31 opened this issue 2 years ago • 1 comments

As part of Secure Dev, we need to define an access auditing policy, and implement tools/processes to provide this service.

This issue is set up to track work relating to this piece.

Tasks
------------------

  1. Investigate monitoring strategies & applicable tools : #2968 - Done

  2. Detail Next Steps For Preferred Tool : #3076 - Done

  3. Deploy Wazuh To All Build Hosts : Done: 08/11/2023 : https://github.com/adoptium/infrastructure/issues/3235

  4. Create Wazuh Code & Configuration Snippets Area in Infrastructure Repository: https://github.com/adoptium/infrastructure/pull/3262 - Complete

  5. Create mechanism for tracing ssh logins: Issue 3212 : - Complete

  6. Update Wazuh to current version, and define upgrade process and policy for both Wazuh server and agents. - 10/07/2024 - Completed: https://github.com/adoptium/infrastructure/issues/3654

  7. Create DNS Name For Wazuh Server - EF issue raised : https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/5076 ( 04/10/2024 ) - Completed - 07/10/2024

  8. Add certificates & configure https - https://github.com/adoptium/infrastructure/issues/3768

  9. Define critical alerts & create filters.

  10. Create & Configure Slack Integration For Critical Alerts

  11. Deploy Wazuh To All Test Hosts

  12. Investigate how to build Wazuh agent from source on RHEL8 / s390x

  13. Investigate how to build Wazuh agent from source on RISCV build machines

  14. Investigate Auditing SSH/SSHD versions using Wazuh

steelhead31 avatar May 05 '23 07:05 steelhead31

For monitoring valid logins on the UNIX platforms we should be able to look at the SSH key fingerprints as per #3212

sxa avatar Oct 16 '23 10:10 sxa
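
One way to trace logins by SSH key fingerprint, as the comment above suggests. This is an added example, not code from this issue, #3212 or the Adoptium infrastructure repository. The key blobs, host name, account name and addresses are constructed, and the comment field of each `authorized_keys` entry is assumed to identify the key's owner.

```python
import base64
import hashlib
import re

# sshd records the key type and SHA256 fingerprint on each successful publickey login.
ACCEPTED = re.compile(
    r"Accepted publickey for (?P<user>\S+) from (?P<ip>\S+) port \d+ ssh2: "
    r"(?P<type>\S+) SHA256:(?P<fp>[A-Za-z0-9+/]+)"
)

def fingerprint(entry):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the decoded key blob."""
    fields = entry.split()
    for i, field in enumerate(fields[:-1]):
        if field.startswith(("ssh-", "ecdsa-", "sk-")):  # key type; blob follows it
            blob = base64.b64decode(fields[i + 1])
            return base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return None

def build_index(authorized_keys_text):
    """Map fingerprint -> owner label (assumption: the trailing comment names the owner)."""
    index = {}
    for line in authorized_keys_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            fp = fingerprint(line)
            if fp:
                index[fp] = line.split()[-1]
    return index

def trace_logins(log_text, index):
    """Return (account, source IP, key owner) for every accepted publickey login."""
    return [(m["user"], m["ip"], index.get(m["fp"], "UNKNOWN KEY"))
            for m in ACCEPTED.finditer(log_text)]

# Constructed sample data: fake key blobs, documentation-range IP addresses.
def _sample_key(seed, comment):
    return f"ssh-ed25519 {base64.b64encode(seed).decode()} {comment}"

ALICE = _sample_key(b"constructed-blob-alice", "alice@example")
BOB = _sample_key(b"constructed-blob-bob", "bob@example")
INDEX = build_index("# shared build account\n" + ALICE + "\n" + BOB)
SAMPLE_LOG = "\n".join([
    "Oct 16 10:10:01 build1 sshd[411]: Accepted publickey for jenkins from "
    f"192.0.2.10 port 50122 ssh2: ED25519 SHA256:{fingerprint(ALICE)}",
    "Oct 16 10:12:44 build1 sshd[502]: Accepted publickey for jenkins from "
    "198.51.100.7 port 40022 ssh2: ED25519 SHA256:AAAAconstructedUnknownFingerprintAAAAAAAAAAA",
    "Oct 16 10:13:02 build1 sshd[510]: Failed password for root from 203.0.113.5 port 2222 ssh2",
])
```

On a shared account, the fingerprint is what distinguishes one person's login from another's; a login whose fingerprint is missing from the index is the case worth alerting on.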