Hi, I have a blueprint [1] up to provide a TripleO service to install AIDE (Advanced Intrusion Detection Environment).
The general idea is that operators will be able to pass in AIDE rules (e.g. /etc p+sha256) via tripleo-heat-templates, initialise an integrity database, and then add a cron job to perform a periodic run of AIDE and ensure file integrity.

Steven Hardy made a good point on how it would be a nice addition to be able to wire in the AIDE reports to some monitoring systems, namely fluentd / sensu. I don't have a great deal of experience with the aforementioned tools, having only played with basic logstash / filebeat setups, but not yet fluentd / sensu.

Is there anyone involved in ops-tools perhaps that would be able to provide some input on how we could achieve this, or even better get involved with helping get some patches up? I am guessing it would be a case of pointing to a POSIX path for collection and then writing some templates(?) to serialise the AIDE report data into a format that can be consumed by fluentd / sensu. Folk who know these tools better than me might be aware of better ways of implementing this.

Any feedback is welcome.

[1] https://review.openstack.org/#/c/437872/

Cheers,
Luke
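One way the serialisation step described in the message could look, as an added example that is not part of the original post or of TripleO. It assumes the plain-text report layout of AIDE 0.15-style output (`added:` / `removed:` / `changed:` entries); the sample report, the `host` value and the function names are constructed for illustration.

```python
import json
import re

# Constructed, abridged sample. Assumption: AIDE 0.15-style plain-text
# report with "added:/removed:/changed: <path>" entry lines.
SAMPLE_REPORT = """\
AIDE 0.15.1 found differences between database and filesystem!!
Start timestamp: 2017-03-01 04:05:01

Summary:
  Added files:\t\t\t1
  Changed files:\t\t2

---------------------------------------------------
Added files:
---------------------------------------------------
added: /etc/cron.d/example

---------------------------------------------------
Changed files:
---------------------------------------------------
changed: /etc/passwd
changed: /etc/ssh/sshd_config
"""

ENTRY = re.compile(r"^(added|removed|changed): (.+)$")
START = re.compile(r"^Start timestamp: (.+)$")

def aide_report_to_events(report, host="example-host"):
    """Return one dict per added/removed/changed path in the report."""
    timestamp, events = None, []
    for line in report.splitlines():
        m = START.match(line)
        if m:
            timestamp = m.group(1).strip()
            continue
        m = ENTRY.match(line)  # summary/section headers do not match
        if m:
            events.append({"source": "aide", "host": host,
                           "run_started": timestamp,
                           "change": m.group(1), "path": m.group(2)})
    return events

def to_json_lines(events):
    # Newline-delimited JSON: one self-contained record per changed path.
    return "\n".join(json.dumps(e, sort_keys=True) for e in events)

if __name__ == "__main__":
    print(to_json_lines(aide_report_to_events(SAMPLE_REPORT)))
```

A report with no differences yields an empty list, so a collector sees nothing for a clean run unless the cron wrapper also emits its own "run completed" record.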