debops-playbooks

Proposed role: debops.ids

Open • tobijb opened this issue 10 years ago • 1 comment

Provide default intrusion detection systems like debops.ossec + debops.audit? Leverage ELK stack for audit views and ossec for notifications (email + script)?

Should:

  • Audit user logins
  • Audit known activities (DDoS, SYN flood, auth attempts)
  • Audit custom activities (Watch this file in /opt/secret for changes)
  • Notify for known activities (MD5 change of core lib or executable)
  • Notify for custom activities (if desired) ...

tobijb, May 08 '15 07:05

Graylog could be used instead of the ELK stack, but this role would be great.

e-alfred, May 04 '16 14:05