AccessAudit: Enhancing Security with Immutable Access Logs

Written by Mahrukh | Sep 11, 2023 3:12:15 PM

Introduction

Imagine you have a garage housing a million-dollar car, and you've entrusted someone to clean it daily. Now, picture this scenario: there are no security cameras, no access control systems, and no way to monitor who enters the garage and when. Would you sleep well at night knowing that your prized possession is potentially vulnerable to unauthorized access or tampering? Most likely not.

In the digital world, a similar concern arises when it comes to securing access to sensitive data and resources. Access control and auditability are paramount to ensure the integrity and security of your systems. This is where AccessAudit steps in – a powerful solution designed to log any access requests and maintain immutable records in immudb Vault, offering a high level of security and accountability.

Features of AccessAudit

AccessAudit is a script that brings a set of features to the table, ensuring robust access control and auditing for your systems:

  1. Platform Verification: AccessAudit ensures that it is running on a Linux system. This is a crucial step as Linux systems are widely used in server environments where access control is critical.

  2. Sudo Privilege Check: The script verifies that the user executing it has the necessary sudo privileges. This is important because only authorized users should be able to configure and manage access logs.

  3. API Key Integration: AccessAudit interacts with immudb Vault by prompting the user for a Write API Key. This key is essential for securely forwarding access logs to the Vault.

  4. API Key Validation: The script tests the provided API key to ensure its validity, guaranteeing that only authorized users can interact with the Vault.

  5. Dependency Check: AccessAudit checks for the presence of the 'curl' tool, which is essential for making HTTP requests to immudb Vault.

  6. Configuration Setup: The script automates the setup of necessary configurations and scripts required to forward access logs to the Vault.

Prerequisites for Using AccessAudit

Before you can benefit from AccessAudit's capabilities, ensure you meet the following prerequisites:

  1. Linux System: AccessAudit is designed for Linux systems, so you must execute it on such a platform.

  2. Sudo Privileges: Execute the script with a user account that has sudo privileges, as certain system configurations may require elevated permissions.

  3. Required Software: Make sure you have 'curl', 'sudo', 'rsyslog', and 'systemctl' installed on your system.

  4. immudb Vault Access: You need access to immudb Vault and a valid Write API Key. If you don't have one, you can obtain it from the appropriate source.

Usage of AccessAudit

To get started with AccessAudit, follow these steps:

  1. Download the Script: Download the bash script or clone the repository containing the script.

  2. Make it Executable: Ensure the script is executable by running the command: chmod +x <script_name>.sh

  3. Run the Script: Execute the script with the command: ./<script_name>.sh

Upon running the script, you will receive a welcome message outlining the installation steps. It will also remind you that AccessAudit will use the default collection and ledger.

To proceed with the installation, you will need to:

  • Confirm your intention to continue.
  • Provide your immudb Vault Write API Key when prompted.

The script will then check the validity of the provided API key, configure the necessary settings, and restart the 'rsyslog' service to start forwarding access logs to the Vault.

Notes and Troubleshooting

Here are some important considerations:

  • Always have a proper backup or snapshot of your configurations before executing scripts that modify system settings.

  • Review scripts and READMEs thoroughly before execution, especially when they require root or sudo privileges.

  • If you encounter issues, consider the following troubleshooting steps:

    • Verify that you are running the script on a Linux system.
    • Ensure you have the necessary sudo privileges.
    • Double-check the API key you provided.
    • Install 'curl' if it's not available and rerun the script.
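
One way to act on the backup advice above, as an added example that is not part of AccessAudit: snapshot the rsyslog configuration before running the installer, then list what changed afterwards. The paths /etc/rsyslog.conf and /etc/rsyslog.d are the stock rsyslog locations and are an assumption here, since the post does not list the files the script writes; the function names and SNAP_DIR are illustrative.

```shell
#!/usr/bin/env bash
# Added example (not AccessAudit code): baseline rsyslog config before an
# installer that runs with sudo, then report what it changed.
# Assumption: stock rsyslog paths; the post does not name the files it edits.

# snapshot_config DEST SRC... : copy each existing SRC into a new DEST,
# preserving modes and timestamps. Refuses to overwrite an older baseline.
snapshot_config() {
    local dest="$1"; shift
    if [ -e "$dest" ]; then
        echo "snapshot already exists: $dest" >&2
        return 1
    fi
    mkdir -p "$dest" || return 1
    local src
    for src in "$@"; do
        [ -e "$src" ] || continue
        cp -a "$src" "$dest/" || return 1
    done
}

# changed_since DEST SRC... : print one line per file that was added,
# removed or modified since the snapshot; prints nothing if unchanged.
changed_since() {
    local dest="$1"; shift
    local src name
    for src in "$@"; do
        name=$(basename "$src")
        if [ -e "$dest/$name" ] && [ -e "$src" ]; then
            diff -rq "$dest/$name" "$src" || true
        elif [ -e "$src" ]; then
            echo "Only after install: $src"
        elif [ -e "$dest/$name" ]; then
            echo "Removed since snapshot: $src"
        fi
    done
}

SNAP_DIR=${SNAP_DIR:-$HOME/rsyslog-snapshot}
CONF_PATHS="/etc/rsyslog.conf /etc/rsyslog.d"

case "${1:-}" in
    before) snapshot_config "$SNAP_DIR" $CONF_PATHS ;;
    after)  changed_since "$SNAP_DIR" $CONF_PATHS
            # -N1 validates the configuration without starting the daemon
            if command -v rsyslogd >/dev/null 2>&1; then sudo rsyslogd -N1; fi ;;
esac
```

Run it with the argument before ahead of the installer and with after once it finishes; every line it prints is a file to read before trusting the new forwarding setup.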

Conclusion

AccessAudit fills a critical gap in access control and auditing, offering a straightforward yet powerful solution for maintaining immutable access logs. By ensuring that only authorized users can interact with and modify access records, AccessAudit enhances the security and integrity of your systems, providing peace of mind in a digital world where data protection is paramount.