I need to set up auditing in my environment, specifically file integrity monitoring. I've tried OSSEC, but found it cumbersome. I've since discovered auditd (already installed on my CentOS 6 system) and found it to be a simple but powerful auditing solution.

I'm aware of the command-line tool aureport for generating stats or lists of file changes recorded by auditd, and it works nicely. However, I've got about 100 Linux hosts currently, and need to find a smoother way to be alerted to changes to critical files. Are there any open source reporting tools or dashboards out there that sit on top of auditd for aggregating multiple hosts on a network? I haven't seen anything when searching the net and GitHub.
As a bonus, it would be convenient to have the file changes reported by auditd combined with the file change reports from the puppetmaster/PuppetDB host, to show that a change was expected so that it does not fire an alert or show up in the report.
Any recommendations on existing solutions or tips on this file integrity monitoring topic?
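The correlation the question asks for, written as an added example (not code from the question or from auditd, aureport or Puppet): raw auditd records are grouped by event id, and a change to a watched file is suppressed when a stand-in for a puppet report shows puppet changed that same file during a run covering the event's timestamp. The log lines, the `fim-etc` rule key and the `PUPPET_CHANGES` structure are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample of raw audit.log records (two events); real records carry more fields.
AUDIT_LOG = """\
type=SYSCALL msg=audit(1400000010.500:101): arch=c000003e syscall=2 success=yes exit=3 ppid=900 pid=901 auid=1000 uid=0 comm="vim" exe="/usr/bin/vim" key="fim-etc"
type=PATH msg=audit(1400000010.500:101): item=0 name="/etc/sudoers" inode=1234 mode=0100440 ouid=0 ogid=0 nametype=NORMAL
type=SYSCALL msg=audit(1400000200.000:205): arch=c000003e syscall=2 success=yes exit=4 ppid=700 pid=701 auid=4294967295 uid=0 comm="puppet" exe="/usr/bin/ruby" key="fim-etc"
type=PATH msg=audit(1400000200.000:205): item=0 name="/etc/ntp.conf" inode=5678 mode=0100644 ouid=0 ogid=0 nametype=NORMAL
"""

# Constructed stand-in for data pulled from puppet reports:
# path -> [(run start, run end)] in epoch seconds, for runs where puppet reported changing that file.
PUPPET_CHANGES = {"/etc/ntp.conf": [(1400000190.0, 1400000230.0)]}

TOKEN = re.compile(r'(\w+)=("[^"]*"|\S+)')          # key=value or key="quoted value"
HEADER = re.compile(r'msg=audit\((\d+\.\d+):(\d+)\)')  # msg=audit(<timestamp>:<event id>)

def parse_events(log):
    """Group audit records by event id -> {id: {ts, auid, exe, key, paths}}."""
    events = defaultdict(lambda: {"paths": []})
    for line in log.splitlines():
        m = HEADER.search(line)
        if not m:
            continue
        ev = events[m.group(2)]
        ev["ts"] = float(m.group(1))
        fields = {k: v.strip('"') for k, v in TOKEN.findall(line)}
        if fields["type"] == "PATH":
            ev["paths"].append(fields.get("name"))
        else:  # SYSCALL record: who did it, with what, and which watch rule fired
            ev.update({k: fields[k] for k in ("auid", "exe", "key") if k in fields})
    return events

def unexpected_changes(log, puppet_changes):
    """Return (path, exe, auid) for watched-file changes no puppet run accounts for."""
    alerts = []
    for ev in parse_events(log).values():
        for path in ev["paths"]:
            windows = puppet_changes.get(path, [])
            if any(lo <= ev["ts"] <= hi for lo, hi in windows):
                continue  # puppet reported changing this file in a run spanning the event: expected
            alerts.append((path, ev.get("exe"), ev.get("auid")))
    return alerts

if __name__ == "__main__":
    for path, exe, auid in unexpected_changes(AUDIT_LOG, PUPPET_CHANGES):
        print(f"ALERT {path} modified by {exe} (auid={auid})")
```

The auid of 4294967295 on the second event is auditd's "unset" login uid, typical of a daemon started at boot rather than an interactive session.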