Automated Security Event Reporting and Configuration Management for Linux based Systems
This project is based on implementing security at different layers and working on contemporary problems that are being dealt with in the security industry. Especially remote configuration management and administration. It has been built in such a way that new features are easier to add and manage. The primary target of this project is small and medium enterprises (SMEs). Capabilities and constraints for an average SME were taken into consideration before this solution was designed. As the design of this project is flexible, this can fit into the context of multiple IT environments that use varying technologies. Financial limitations are usually more common in any startup or SME. Hence, this project has been only built using opensource tools. This also enabled us to realize the combined abilities that can be exhibited when a right combination of tools and software are implemented together. This solution would be lightweight and effective in SME environments. The fundamental idea behind this project is to execute a set of configuration checks of known vulnerabilities and violation of network security rules that are set by an organization. In the event of any security incident the central workstation which is managed by the System or Network Administrator would receive an alert. As most modern day SIEM (Security information and Event Management) solutions are usually heavy in nature, hard to configure and expensive to maintain; this project believes in localizing SOC operations to the IT team of the organization itself. The results show that applying security with automation programs like ansible can increase the network and system level visibility of all the hosts in scope effectively. Insider threat detection and incident response concepts are also implemented. The future work would be based on expanding this to more concepts in Enterprise Security and adding support to windows machines.