Audit-gui - GUI for linux audit daemon
Audit GUIGUI for linux audit daemon. What is it?Audit GUI is a Python based graphical user interface facilitating the usage of a standard linux audit daemon (regarding filesystem access monitoring). How does it work?The application serves as a wxWidget front-end, mainly dispatching linux shell commands (e.g. auditctl, ausearch) and parsing auditd logs. Entire set of filesystem watch rules is kept within auditd configuration. Main featuresManaging the list of auditd watch rulesThe main window of Audit GUI contains a list of active filesystem watch rules, as obtained from auditd configuration (yes, it actually shows rules, which might have been added earlier e.g. by hand). Every watch is composed of: name - an arbitrary string, helpful for identifying the watch path - a filesystem path to a file or directory which should be monitored (in case of a directory, all sub-directories are taken into consideration as well) permission filter - a combination of read, write, execute and access actions, which should trigger the rule detailed rule - any string accepted by -F option of auditctl command, i.e. denoting a rule field, such as "pid=1005" or "success!=0". Please consult man auditctl for details Rules can be easily added/update/deleted from the list. All changes are dynamically applied (and thus immediately reflected in auditd configuration). Viewing visualized log dataRight after applying a filesystem watch, auditd begins to register every occurrence of a rule in a log file. At any moment, user may decide to view the events gathered so far. The log visualization component included in Audit GUI allows you to: view aggregated read/write/execute/access events, categorized by: rule name path (and file name) user (that triggered the rule) pid (together with shell command and binary path) filter interesting events according to above categories sort all events according to above categories group all events by their triggering PID save entire reports for future analysis Demo movie Please click here to see how easy-to-use the Audit GUI is.