Initial release of the Linux Audit Reporting tool, which aids in performing audit reviews of standalone or isolated Linux systems that must report in compliance with the CNSS 1253 or JSIG versions of NIST SP 800-53r4. This version includes:
- The core script to automate reporting, using lower-level tools to analyze a hardened system that complies with the requirements of AU-2
- A helper script to provide real-time translation of audit events into the syslog stream for context in incident analysis
Script features include:
- A timestamped report that an auditor can use to document their review of the audit trail as required
- Bash-only scripting for those really stripped-down systems
- Colorized output during a run to make errors and warnings easier to find
- Isolation of the supporting logs for easy archival to removable media along with the report
- Subsequent runs of the script pick up from the last successful run, providing total coverage with no gaps in reporting
- Reports and audit log extracts follow naming conventions that allow rapid sorting when there are hundreds of each in a folder
- Recommendations to the system administrator for rules that may not provide full coverage of the CNSS- or JSIG-specific auditing requirements
- Health checks to catch problem situations like audit rules being configured but not active in the audit engine
- Archived audit logs are enhanced (numeric IDs translated to names) and then compressed, but they remain in native format so that forensic analysis can still use the built-in audit tools
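Two of the features listed above, the checkpointed runs that leave no gaps between reports and the health check for rules that are configured but not loaded, shown as an added shell example. This is not code from the Linux Audit Reporting tool; every function name, file name, the sample audit.log and the sample rules are constructed for the example, so it runs with no auditd present.

```shell
#!/bin/bash
# Added example, not code from the Linux Audit Reporting tool: a minimal model
# of two features of such a tool, driven by constructed inputs.
#   1. Checkpointed runs: each run extracts the trail from the end of the last
#      successful run, and the checkpoint advances only when a run succeeds.
#   2. Health check: rules configured in the rules file but absent from the
#      rules the kernel actually has loaded.
# All function and file names here are this example's own assumptions.

# Report names carry an ISO 8601 basic UTC timestamp so that hundreds of them
# sort chronologically with a plain `ls` or `sort`. GNU date first, BSD fallback.
report_name() {                       # $1 = epoch seconds of the run
    ts=$(date -u -d "@$1" +%Y%m%dT%H%M%SZ 2>/dev/null || date -u -r "$1" +%Y%m%dT%H%M%SZ)
    printf 'audit-report_%s.txt' "$ts"
}

# Start of this run's window: the end recorded by the last successful run,
# or 0 (the whole trail) when no checkpoint exists yet.
window_start() {                      # $1 = checkpoint file
    if [ -s "$1" ]; then cat "$1"; else echo 0; fi
}

# Record the end of a run only after it succeeded. A failed run leaves the
# checkpoint alone, so the next run covers the same events again.
save_checkpoint() {                   # $1 = checkpoint file, $2 = end epoch
    printf '%s\n' "$2" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Extract the events of the half-open window [start, end) from a native
# audit.log using the seconds inside "msg=audit(SECONDS.MILLIS:SERIAL)".
# Chaining windows end-to-start yields total coverage: no gaps, no overlap.
extract_window() {                    # $1 = audit.log, $2 = start, $3 = end
    awk -v s="$2" -v e="$3" '
        match($0, /msg=audit\([0-9]+\.[0-9]+:[0-9]+\)/) {
            t = substr($0, RSTART + 10, RLENGTH - 10)   # "SECONDS.MILLIS:SERIAL)"
            sub(/\..*/, "", t)                           # keep whole seconds
            if (t + 0 >= s && t + 0 < e) print
        }' "$1"
}

# One checkpointed run: extract the window, write the report, then advance the
# checkpoint. The checkpoint is untouched if the extract fails.
run_report() {                        # $1 = log, $2 = checkpoint, $3 = outdir, $4 = now
    start=$(window_start "$2")
    out="$3/$(report_name "$4")"
    extract_window "$1" "$start" "$4" > "$out" || return 1
    save_checkpoint "$2" "$4"
    echo "$out"
}

# Drop comments, blank lines and control directives (-D, -b, -f, -e are not
# rules and never appear in `auditctl -l`), then canonicalize whitespace.
normalize_rules() {                   # $1 = file of rules
    sed -e 's/#.*//' -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//' "$1" \
      | grep -v -e '^$' -e '^-[Dbfe]' | LC_ALL=C sort -u
}

# Rules present in the configured file but missing from the loaded set.
# $2 holds the output of `auditctl -l` captured to a file (constructed here).
rules_not_loaded() {                  # $1 = audit.rules, $2 = loaded rules file
    cfg=$(mktemp); live=$(mktemp)
    normalize_rules "$1" > "$cfg"; normalize_rules "$2" > "$live"
    LC_ALL=C comm -23 "$cfg" "$live"
    rm -f "$cfg" "$live"
}

# Constructed demonstration data and a driver: two consecutive runs over one
# log, then the health check. Prints the two report line counts, the final
# checkpoint, and the rule(s) that are configured but not loaded.
demo() {
    d=$(mktemp -d)
    cat > "$d/audit.log" <<'EOF'
type=SYSCALL msg=audit(1706702400.101:11): arch=c000003e syscall=59 success=yes exit=0 key="exec"
type=USER_LOGIN msg=audit(1706702460.202:12): pid=1 uid=0 auid=1000 res=success
type=CONFIG_CHANGE msg=audit(1706702520.303:13): auid=1000 op=add_rule key="identity" res=1
EOF
    cat > "$d/audit.rules" <<'EOF'
# constructed rules file
-D
-b 8192
-w /etc/passwd -p wa -k identity
-a always,exit -F arch=b64 -S execve -k exec
EOF
    cat > "$d/loaded.txt" <<'EOF'
-w /etc/passwd -p wa -k identity
EOF
    r1=$(run_report "$d/audit.log" "$d/checkpoint" "$d" 1706702500)   # first run
    r2=$(run_report "$d/audit.log" "$d/checkpoint" "$d" 1706702600)   # next run
    printf '%s\n%s\n%s\n%s\n' "$(awk 'END{print NR}' "$r1")" "$(awk 'END{print NR}' "$r2")" \
        "$(cat "$d/checkpoint")" "$(rules_not_loaded "$d/audit.rules" "$d/loaded.txt")"
    rm -rf "$d"
}
```

The rules comparison is deliberately line-oriented: it only works when the loaded rules are captured in the same spelling as the rules file. Real `auditctl -l` output is reprinted in its own canonical form, which can differ from what was written in audit.rules (key syntax varies between audit versions), so a production check must normalize both sides to that form before diffing. The half-open window [start, end) is what guarantees that consecutive reports neither overlap nor leave a gap; the end of one run is exactly the start of the next.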
Distribution Statement
In accordance with DoD 5230.24, change 3 15Oct18, this software is released under DISTRIBUTION STATEMENT A. Approved for public release. Distribution is unlimited. USAF Public Affairs clearance number 88ABW-2019-3749.