Audit-gui - GUI for linux audit daemon


What is it?
Audit GUI is a Python-based graphical user interface that facilitates use of the standard Linux audit daemon (for filesystem access monitoring).

How does it work?
The application serves as a wxWidget front-end, mainly dispatching Linux shell commands (e.g. auditctl, ausearch) and parsing auditd logs. The entire set of filesystem watch rules is kept within the auditd configuration.

Main features

Managing the list of auditd watch rules
The main window of Audit GUI contains a list of active filesystem watch rules, as obtained from the auditd configuration (yes, it actually shows rules that might have been added earlier, e.g. by hand). Every watch is composed of:
  • name - an arbitrary string, helpful for identifying the watch
  • path - a filesystem path to a file or directory which should be monitored (in case of a directory, all sub-directories are taken into consideration as well)
  • permission filter - a combination of read, write, execute and access actions, which should trigger the rule
  • detailed rule - any string accepted by the -F option of the auditctl command, i.e. denoting a rule field, such as "pid=1005" or "success!=0". Please consult man auditctl for details
Rules can easily be added, updated or deleted from the list. All changes are applied dynamically (and thus immediately reflected in the auditd configuration).

Viewing visualized log data
Right after a filesystem watch is applied, auditd begins to register every occurrence of a rule in a log file. At any moment, the user may decide to view the events gathered so far.

The log visualization component included in Audit GUI allows you to:
  • view aggregated read/write/execute/access events, categorized by:
      • rule name
      • path (and file name)
      • user (that triggered the rule)
      • pid (together with shell command and binary path)
  • filter interesting events according to the above categories
  • sort all events according to the above categories
  • group all events by their triggering PID
  • save entire reports for future analysis

Demo movie
Please click here to see how easy-to-use the Audit GUI is.

http://code.google.com/p/audit-gui


   




Related Projects

raspBerry+


raspBerry+ is a web-based administration platform for Blackberry Enterprise Server for MS Exchange (BES). You can group-based activate/kill/delete/add and get status of users, their handhelds and services. With a little download-area and a comment-system

RASP


RASP's A Sneakernet Proxy; download using a thumbdrive.

RasmusDSP


RasmusDSP is an embeddable Audio/MIDI processor. It contains various filters and generators (including SoundFont 2.0 compatible synthesizer). Has a script interpreter which is used to describe instruments, route Audio/MIDI signal between processor units.

Rasea


An acronym for cRoss-plAtform accesS control for Enterprise Applications. Rasea aims to become a reference in access control as a service based on the RBAC model.

Rascal


Rascal, the Advanced Scientific CALculator, is a platform independent modular calculator. Based on modules for integer, doubles, strings, vectors and matrices it can be easily extended with existing C or C++ code.



Rars


RARS is the Robot Auto Racing Simulation, in which the drivers are robot programs. It is intended as a competition among programmers. It consists of a simulation of the physics of cars, a graphic display of the race, and a robot driver for each car.

RARPlayer


This small program allows you to play a video directly from a RAR file and do so in real-time. Both VLC and MPlayer are supported video players.

RAReXtract


RAReXtract is a Front-End for the UnRAR command line utility for Mac OS X 10.5 (Leopard). Its purpose is the rapid and convenient extraction of RAR archives with a double click.

RAR Expander


Rar Expander is a MacOSX program which extracts the files contained in single or multi-volume RAR archives. It uses the official unRAR library internally so it is fully compatible with archives produced by WinRAR.

rarcrack


This program uses a brute force algorithm to guess your encrypted compressed file's password. If you forget your encrypted file password, this program is the solution. This program can crack zip, 7z and rar file passwords.

RArcInfo


RArcInfo is a package for R (http://www.r-project.org) to import data from binary Arc/Info V7.X coverages and E00 files. This will allow R users to use it as a primary GIS tool.

rar brute force shell script - rarbrute


This is rarbrute, a shell script to brute force encrypted rar files under unix and linux. A long wordlist and a paper about security in internet cafes are included.

Raquel Database System


The system will: 1. use RAQUEL (= Relational Algebra Query, Update and Executive Language) for programming, implementing Third Manifesto principles. 2. have a 'Lego-like' architecture of building blocks and plug-ins, for wider applicability.

RAPv4


RAPv4 is an engine for building web application with only a business description (in XML format). NEW 04/2006 : Stable 2006 release. Add new functions like mail, sms, web services, graph, map engine (GIS), Excel output, QBE... and also a beta release of

Rafkill


2d Scroller. Clone of Raptor: Call of the Shadows and Tyrian. Fun game written in c++ using allegro.

rapple


Lightweight XML based transformation tool written in C that builds upon expat, tidylib and XSLT to transform authored web content (incl. Word processor generated HTML) into styled web content suitable for publication.

RapidSMS


RapidSMS is an open-source internet and communications platform

RapidSmith


RapidSmith is a research-based FPGA CAD tool framework written in Java for modern Xilinx FPGAs. Based on XDL, its objective is to serve as a rapid prototyping platform for research ideas and algorithms relating to low level FPGA CAD tools.

Rapidshare Mass Downloader


What this program does is bringing out human interaction while downloading files from rapidshare(without premium account). It downloads all the rapidshare links sequentially to the specified location.

rapido visual profiler


rapido is a visual profiler for linux-x86. It traces function call using the ptrace interface and displays the information collected in a nice visual flow chart. rapido does not require the re-compilation of the application.