Commit

Update documentation
marest94 committed Feb 26, 2024
1 parent 5a24fe3 commit 5c6c2a9
Showing 2 changed files with 4 additions and 3 deletions.
4 changes: 2 additions & 2 deletions doc/TRUEConnector/prerequisite.md
Expand Up @@ -10,9 +10,9 @@ To have secure and certification compliant environment, following prerequisites

* The host OS should be audited and secure; OS should be as minimal as possible and it should be preferably used to host our Docker exclusively. There should not coexist other services like web servers or web applications so that attacker could not exploit it or lead to potential exploit (minimal threat attack surface).
* Monitoring mechanism (Linux auditd service for example) should be installed and configured as prerequisite before deploying connector. This will capture if someone tries to make changes on property files used by the connector.
* make sure to create rules to monitor folders and property files of the TRUE Connector, more information available [here](../advancedConfiguration/os-logs-configuration.md#additional-monitoring-configuration)
* Make sure to create OS rules to monitor folders and property files of the TRUE Connector, more information available [here](../advancedConfiguration/os-logs-configuration.md#additional-monitoring-configuration)
* Make sure to create rules for monitoring docker service (dockerd, /run/containerc, /var/lib/docker, /etc/docker, docker.service...) This might differ based on OS distribution
* Rules for auditing should be persisted, more information available [here](../advancedConfiguration/os-logs-configuration.md#additional-monitoring-configuration)
* Rules for OS auditing should be persisted, more information available [here](../advancedConfiguration/os-logs-configuration.md#additional-monitoring-configuration)
* Make sure to create rules for mounted docker volumes (to be able to keep track of changes made over files present in those volumes)
* Make sure to create scripts to monitor storage capacity in order to notify when the OS system is reaching storage assigned capacity. Also use CroneTab to repeat those scripts at desired time interval. One example of how to write script and set CronTab to automate it can be found [here](https://tecadmin.net/shell-script-to-check-disk-space-and-send-alert/)
* User responsible for setting up environment where connector will run should isolate or disable other services.
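
Review bot: The Docker service bullet in this list names `/run/containerc`, which looks like a truncated `/run/containerd`; since the neighbouring bullets are being reworded, fix the path in the same change, because a reader who copies it into an audit watch would not cover the intended directory. The new "OS rules" and "OS auditing" wording is applied to two bullets only, while the Docker service and mounted volume bullets still say just "rules", so pick one term and use it throughout. `CroneTab` and `CronTab` in the storage bullet should both read `crontab`.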
3 changes: 2 additions & 1 deletion doc/advancedConfiguration/os-logs-configuration.md
Expand Up @@ -2,6 +2,7 @@

The purpose of this guide is to provide instructions for configuring access to system logs on a Linux machine. Access to system logs is crucial for monitoring system activities, troubleshooting issues, and ensuring system security on which TRUE Connector is running. The guide is intended for Administrators who are setting up TRUE Connector and managing and monitoring Linux systems. It assumes a basic understanding of Linux file system structure and permissions.

***NOTE*** OS logs should not be mistaken for TRUE Connector audit or trace logs.
### Prerequisites
- Root or sudo privileges on the Linux system.
- Basic understanding of Linux file system and permissions.
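
Review bot: The added `***NOTE***` line sits directly above `### Prerequisites` with no blank line between them; add one after the note so every Markdown renderer treats the heading as a heading and not as a continuation of the note paragraph. The note would also help more if it linked to the place where the TRUE Connector audit and trace logs are documented, so the reader can tell the two kinds of log apart.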
Expand Down Expand Up @@ -37,7 +38,7 @@ The purpose of this guide is to provide instructions for configuring access to s
In addition to configuring access to system logs, it's important to establish rules for monitoring folders and property files associated with the TRUE Connector. This ensures comprehensive monitoring of relevant system activities. Follow these steps to set up monitoring rules:
- **Create Monitoring Rules with auditctl**: `auditctl` is a command-line utility that allows you to interact with the Linux audit framework, enabling you to define rules for monitoring system activities. When setting up monitoring for the TRUE Connector, you can use `auditctl` to create specific rules that define which files or directories to monitor and what actions to audit.
- **Create Monitoring Rules with auditctl**: `auditctl` is a command-line utility that allows you to interact with the Linux audit framework, enabling you to define rules for monitoring system activities, for more details please refer to main page (https://manpages.ubuntu.com/manpages/xenial/en/man8/auditctl.8.html). When setting up monitoring for the TRUE Connector, you can use `auditctl` to create specific rules that define which files or directories to monitor and what actions to audit.
For example, you can use the following command to create a rule for monitoring all files within the TRUE Connector directory: `auditctl -w /path/to/TRUEConnector/* -k trueconnector`
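
Review bot: In the reworded bullet, "refer to main page" should read "man page", and the bare URL in parentheses should be a Markdown link like the `[here](...)` links used in prerequisite.md; it also points at the xenial copy of the page, so consider a release-independent reference. The example under it passes `/path/to/TRUEConnector/*`, which the shell expands before `auditctl` runs, so the rule depends on what the directory contains at that moment; watching the directory path itself would be clearer. prerequisite.md asks for persisted rules and links to this section, while the visible example uses only `auditctl`, whose rules are lost on reboot, so confirm the section also explains how to persist them.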