https://github.com/ulfox/sysaudit
Journal System Audits
audit go golang journald slack-webhook
Last synced: 7 months ago
- Host: GitHub
- URL: https://github.com/ulfox/sysaudit
- Owner: ulfox
- License: mit
- Created: 2021-04-24T12:37:47.000Z (over 4 years ago)
- Default Branch: main
- Last Pushed: 2021-05-02T11:08:47.000Z (over 4 years ago)
- Last Synced: 2025-03-08T23:07:04.319Z (7 months ago)
- Topics: audit, go, golang, journald, slack-webhook
- Language: Go
- Homepage:
- Size: 12.7 KB
- Stars: 1
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
- Audit: audit/sshd.go
README
# sysaudit
Journal System Audits
## Info
This package implements the logic for capturing systemd events and sending them to Slack.
Currently the audit is implemented for the sshd daemon only, but the logic to extend it to
additional units or events is the same.

## Installation
First, in `main.go` at line 19, update the Slack webhook URL to your own webhook.
Then build:
```bash
go build -o sys-audit main.go
```
And install under `/usr/local/bin`
```bash
sudo install -m 0755 sys-audit /usr/local/bin/sys-audit
```
Copy the `sys-audit.service` under `/etc/systemd/system`
```bash
sudo cp sys-audit.service /etc/systemd/system/sys-audit.service
```
Do a daemon reload
```bash
systemctl daemon-reload
```
Enable the systemd unit
```bash
systemctl enable --now sys-audit.service
```
That's it. From now on, any sshd event logged on your system is also forwarded
to your Slack channel.
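
The unit filtering described under Info, sketched as an added example (this is not code from the sysaudit repository): it reads entries in the form `journalctl -o json` prints, keeps those from the listed units, and builds one Slack incoming-webhook body per entry. The names `fieldText` and `SlackPayloads` and the sample lines are assumptions made for illustration.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// sampleJournal holds constructed `journalctl -o json` lines, not real logs.
const sampleJournal = `{"_SYSTEMD_UNIT":"sshd.service","_HOSTNAME":"web01","MESSAGE":"Failed password for invalid user admin from 203.0.113.7 port 50022 ssh2"}
{"_SYSTEMD_UNIT":"cron.service","_HOSTNAME":"web01","MESSAGE":"(root) CMD (run-parts /etc/cron.hourly)"}
{"_SYSTEMD_UNIT":"sshd.service","_HOSTNAME":"web01","MESSAGE":[79,75,255]}`

// fieldText decodes a journal field: a JSON string, or the byte-value array journald emits for non-UTF-8 data.
func fieldText(raw json.RawMessage) string {
	var s string
	var b []int
	if json.Unmarshal(raw, &s) == nil || json.Unmarshal(raw, &b) != nil {
		return s
	}
	out := make([]byte, len(b))
	for i, v := range b {
		out[i] = byte(v)
	}
	return strings.ToValidUTF8(string(out), "?")
}

// SlackPayloads returns one webhook body ({"text": ...}) per entry whose unit is in units (hypothetical helper).
func SlackPayloads(r io.Reader, units map[string]bool) ([]string, error) {
	var out []string
	sc := bufio.NewScanner(r)
	for sc.Scan() {
		var e map[string]json.RawMessage
		if err := json.Unmarshal(sc.Bytes(), &e); err != nil {
			return nil, fmt.Errorf("bad journal line: %w", err)
		}
		if unit := fieldText(e["_SYSTEMD_UNIT"]); units[unit] {
			text := fmt.Sprintf("[%s] %s: %s", fieldText(e["_HOSTNAME"]), unit, fieldText(e["MESSAGE"]))
			body, _ := json.Marshal(map[string]string{"text": text}) // cannot fail for a string map
			out = append(out, string(body))
		}
	}
	return out, sc.Err()
}

func main() {
	fmt.Println(SlackPayloads(strings.NewReader(sampleJournal), map[string]bool{"sshd.service": true}))
}
```

Adding another unit name to the set is all it takes to widen the audit; each returned string is the body that would be POSTed to the webhook URL.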