[openstack-dev] [tripleo] AIDE integration with fluentd / sensu

Luke Hinds lhinds at redhat.com
Wed Mar 8 11:31:02 UTC 2017


Hi,

I have a blueprint [1] up to provide a TripleO service to install
AIDE (Advanced Intrusion Detection Environment).

The general idea is that operators will be able to pass in AIDE rules (e.g.
/etc p+sha256) via tripleo-heat-templates, initialise an integrity database,
and then add a cron job to perform a periodic run of AIDE and ensure file
integrity.

Steven Hardy made a good point on how it would be a nice addition to be
able to wire in the AIDE reports to some monitoring systems, namely fluentd
/ sensu. I don't have a great deal of experience with the aforementioned tools,
having only played with basic logstash / filebeat set ups, but not yet
fluentd / sensu.

Is there anyone involved in ops-tools perhaps that would be able to provide
some input on how we could achieve this, or even better get involved with
helping get some patches up? I am guessing it would be a case of pointing
to a posix path for collection and then writing some templates(?) to
serialise the AIDE report data into a format that can be consumed by fluentd
/ sensu. Folk who know these tools better than me might be aware of
better ways of implementing this. Any feedback is welcome.

[1] https://review.openstack.org/#/c/437872/

Cheers,

Luke
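
One way the serialisation step described above could look, as an added example that is not part of the original message or the blueprint: it turns an AIDE report into one JSON object per line (a shape a JSON-parsing log tailer such as fluentd's can ingest) and derives a Nagios-style status code of the kind Sensu checks return. The report layout, the sample data and the function names (`parse_report`, `to_json_lines`, `check_status`) are assumptions made for illustration.

```python
import json
import re

# Constructed sample: assumes the "added:/removed:/changed: <path>" entry lines
# of AIDE 0.15-style reports; other AIDE versions lay entries out differently.
SAMPLE_REPORT = """\
AIDE 0.15.1 found differences between database and filesystem!!
Start timestamp: 2017-03-08 11:00:01
Summary:
  Total number of files:  4321
  Added files:            1
  Removed files:          0
  Changed files:          2

added: /etc/cron.d/example
changed: /etc/passwd
changed: /etc/ssh/sshd_config
"""

ENTRY = re.compile(r"^(added|removed|changed):\s*(\S.*)$")
STAMP = re.compile(r"^Start timestamp:\s*(.+?)\s*$")

def parse_report(text):
    """Return one dict per added/removed/changed path in the report."""
    stamp, events = None, []
    for line in text.splitlines():
        m = STAMP.match(line)
        if m:
            stamp = m.group(1)
            continue
        m = ENTRY.match(line)
        if m:  # summary and section-header lines do not match
            events.append({"source": "aide", "run": stamp,
                           "action": m.group(1), "path": m.group(2)})
    return events

def to_json_lines(events):
    """Serialise events as one JSON object per line for a log collector."""
    return "".join(json.dumps(e, sort_keys=True) + "\n" for e in events)

def check_status(events):
    """Nagios-style code as used by Sensu checks: 0 = OK, 2 = CRITICAL."""
    return 2 if events else 0

if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(to_json_lines(found), end="")
    raise SystemExit(check_status(found))
```

Run from the same cron job that invokes AIDE, the JSON lines would be appended to the POSIX path the collector tails, while the exit code lets a monitoring check alert on any drift.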