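# Setup steps. git names the clone directory after the URL path as typed
# (AuditdPy_kafka), so the cd must use the same spelling or it fails on a
# case-sensitive filesystem.
git clone https://github.com/Mosuan/AuditdPy_kafka && cd AuditdPy_kafka
pip install -r requirements.txt
sudo apt-get install auditd
# Review the shipped rule set before putting it into the live audit rules.
cat ./docs/rule.txt
# NOTE(review): on distributions that use augenrules, /etc/audit/audit.rules is
# regenerated from /etc/audit/rules.d/ and hand edits may be overwritten —
# confirm which layout this system uses before editing.
sudo vim /etc/audit/audit.rules
sudo /etc/init.d/auditd restart
# Confirm the loaded rules match what was edited.
sudo auditctl -l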
#-*- coding:utf-8 -*-
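# redis config
# Every setting below can be overridden from the environment (variable names
# are new, constructed for this purpose); the defaults are the original values,
# so existing deployments keep working unchanged.
import os

redis_host = os.environ.get('REDIS_HOST', '10.102.5.119')
# NOTE(review): the committed default is a plaintext secret — prefer supplying
# REDIS_PASS from the environment or a secrets file and rotating the default.
redis_pass = os.environ.get('REDIS_PASS', 'Mosuan')
redis_db = int(os.environ.get('REDIS_DB', '0'))
redis_port = int(os.environ.get('REDIS_PORT', '6379'))
redis_key = os.environ.get('REDIS_KEY', 'logstash:redis')
# kafka config
# kafka address
kafka_host = os.environ.get('KAFKA_HOST', '10.102.5.119')
# kafka port — deliberately kept a string as in the original (unlike
# redis_port); the consumer presumably concatenates it — verify before changing
kafka_port = os.environ.get('KAFKA_PORT', '9092')
# kafka topic
kafka_topic = os.environ.get('KAFKA_TOPIC', 'huobi_logger')
# message queue to use; currently 'kafka' or 'redis'
log_status = os.environ.get('LOG_STATUS', 'kafka')
if log_status not in ('kafka', 'redis'):
    # fail fast on a misconfigured queue selector instead of at first use
    raise ValueError("log_status must be 'kafka' or 'redis', got %r" % (log_status,))
# whether to write an error log (bool; env values 1/true/yes enable it)
log_key = os.environ.get('LOG_KEY', 'false').strip().lower() in ('1', 'true', 'yes')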
# Regex is supported. When adding a rule you must specify both what the
# command starts with and what it ends with, otherwise false positives and
# false negatives are likely to be severe.
# Example:
# NOTE(review): this fragment references `self`, so it is meant to live inside
# a class body (presumably the checker that owns command_white), not to run
# standalone.
# NOTE(review): all three patterns below anchor only the start (`^`) and have
# no trailing `$`, contrary to the guidance above; if the whitelist is applied
# as a prefix match, anything appended after the matched prefix also passes.
# The character class in the second pattern also omits the digit 0. Confirm
# how the patterns are matched (re.match vs re.fullmatch) before relying on them.
self.command_white = [
"^(sudo ausearch) -",
"^grep [a-zA-Z1-9]{1,20}",
"^ifconfig -a",
]
# Runs as root (audit logs are normally readable only by root).
# NOTE(review): under sudo, `python` resolves through root's PATH/secure_path
# and may not be the interpreter the unprivileged `pip install -r
# requirements.txt` step populated — confirm the interpreter and its
# site-packages match before relying on this.
sudo python main.py