Automated Security Event Reporting and Configuration Management for Linux based Systems
Abstract
This project is based on implementing security at different layers and working on contemporary problems that are being dealt with in the security industry, especially remote configuration management and administration. It has been built in such a way that new features are easier to add and manage. The primary target of this project is small and medium enterprises (SMEs). Capabilities and constraints of an average SME were taken into consideration before this solution was designed. As the design of this project is flexible, it can fit into the context of multiple IT environments that use varying technologies. Financial limitations are usually more common in any startup or SME; hence, this project has been built using only open-source tools. This also enabled us to realize the combined abilities that can be exhibited when the right combination of tools and software is implemented together. This solution would be lightweight and effective in SME environments. The fundamental idea behind this project is to execute a set of configuration checks for known vulnerabilities and for violations of the network security rules set by an organization. In the event of any security incident, the central workstation managed by the system or network administrator would receive an alert. As most modern-day SIEM (Security Information and Event Management) solutions are usually heavy in nature, hard to configure and expensive to maintain, this project believes in localizing SOC operations to the IT team of the organization itself.

The results show that applying security with automation programs like Ansible can effectively increase the network- and system-level visibility of all the hosts in scope. Insider threat detection and incident response concepts are also implemented. Future work would be based on expanding this to more concepts in enterprise security and adding support for Windows machines.
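The abstract describes the core loop of the project: run a set of configuration checks against each Linux host and raise an alert to the administrator's central workstation when a check fails. The following is an added example, not the project's own code, of what such a check engine looks like in Python. The rule identifiers (`SSH-001` etc.), the file names used as rule targets, the host name `web-01` and the sample `sshd_config` and `sysctl.conf` contents are all constructed for illustration; a real deployment would collect the files from the host (for instance via an Ansible fetch task) and ship the formatted alert lines to the central workstation.

```python
"""Rule-driven configuration checks that produce alerts for a central console.

Added example (not the project's code). Rule ids, target file names, the host
name and the sample configuration texts below are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterator, List


@dataclass(frozen=True)
class Rule:
    rule_id: str        # constructed identifier, e.g. "SSH-001"
    target: str         # which collected config file the rule applies to
    description: str
    pattern: str        # regex applied to each non-comment line of the target
    expect_match: bool  # True: alert when the pattern IS found (insecure setting)
                        # False: alert when the pattern is NOT found (required hardening absent)
    severity: str


@dataclass(frozen=True)
class Alert:
    host: str
    rule_id: str
    severity: str
    description: str
    evidence: str


# Constructed rule set covering an SSH daemon and a kernel network setting.
RULES: List[Rule] = [
    Rule("SSH-001", "sshd_config", "Root login over SSH is permitted",
         r"^PermitRootLogin\s+yes\b", True, "HIGH"),
    Rule("SSH-002", "sshd_config", "Password authentication is not disabled",
         r"^PasswordAuthentication\s+no\b", False, "MEDIUM"),
    Rule("SYS-001", "sysctl.conf", "IP forwarding enabled on a non-router host",
         r"^net\.ipv4\.ip_forward\s*=\s*1\b", True, "LOW"),
    Rule("SYS-002", "sysctl.conf", "Reverse-path filtering is not enabled",
         r"^net\.ipv4\.conf\.all\.rp_filter\s*=\s*1\b", False, "MEDIUM"),
]


def active_lines(text: str) -> Iterator[str]:
    """Yield stripped lines, skipping blanks and '#' comments."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            yield line


def check(host: str, configs: Dict[str, str], rules: List[Rule]) -> List[Alert]:
    """Evaluate every rule against the collected config files of one host.

    A target file that was not collected is treated as empty, so rules that
    require a hardening directive still alert (the directive is provably absent).
    """
    alerts: List[Alert] = []
    for rule in rules:
        lines = list(active_lines(configs.get(rule.target, "")))
        rx = re.compile(rule.pattern, re.IGNORECASE)
        hits = [ln for ln in lines if rx.search(ln)]
        if rule.expect_match and hits:
            alerts.append(Alert(host, rule.rule_id, rule.severity, rule.description, hits[0]))
        elif not rule.expect_match and not hits:
            evidence = "<directive absent>" if rule.target in configs else "<file not collected>"
            alerts.append(Alert(host, rule.rule_id, rule.severity, rule.description, evidence))
    return alerts


def format_alert(alert: Alert) -> str:
    """One key=value line per alert, suitable for forwarding to the admin console."""
    return (f"host={alert.host} rule={alert.rule_id} severity={alert.severity} "
            f"desc=\"{alert.description}\" evidence=\"{alert.evidence}\"")


# Constructed sample files as they might be fetched from a host named web-01.
SAMPLE_CONFIGS: Dict[str, str] = {
    "sshd_config": (
        "# constructed sample sshd_config\n"
        "Port 22\n"
        "PermitRootLogin yes\n"
        "PasswordAuthentication yes\n"
        "X11Forwarding no\n"
    ),
    "sysctl.conf": (
        "# constructed sample sysctl.conf\n"
        "net.ipv4.ip_forward = 1\n"
        "net.ipv4.conf.all.rp_filter = 1\n"
    ),
}


def run_checks() -> List[Alert]:
    """Run the constructed rule set against the constructed sample host."""
    return check("web-01", SAMPLE_CONFIGS, RULES)


if __name__ == "__main__":
    for a in run_checks():
        print(format_alert(a))
```

Each rule is either a "must not appear" pattern (an insecure directive) or a "must appear" pattern (a required hardening directive); modelling both directions is what lets the engine alert on a missing setting, which a plain grep for bad values would silently miss. Extending coverage is a matter of appending to `RULES`, which matches the abstract's goal of making new checks easy to add.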