Lucia Bonelli

LogSeCA - Readme

LogSeCA is a tool built on top of the SIEM concept and on the Open Group XDAS standard. It provides the following main capabilities:

  • secure and reliable retention of audit records for reliability and accountability, even if the source of the event/log fails or the logs on it are accidentally or intentionally deleted
  • correlation of audit records in order to identify violations of security policies across the different data centres of the cloud infrastructure, which would be impossible if each data centre processed its events separately
  • alerting and notification to the interested parties (e.g. security manager of the storage infrastructure)
  • control on the status of the corrective actions
  • reporting at different levels (for basic audit inspection, statistical) and for different purposes (for final users, for internal purposes, for auditing).

The design and development of this prototype have been partially funded by the VISION Cloud EU FP7 project.

Currently supported audit event/log formats are:
• XDAS
• Syslog

Currently supported compliance reports are:
• ISO27001

An overview of this module is described in section 3 of this document.

Projects Structure

There are three Eclipse projects:

  1. agent
  2. ComplianceWebConsole
  3. bus

Each project contains an Apache Ant build file (build.xml) to compile its source code.
You have to compile in this order:

  1. execute target "jar" in build.xml of agent project
  2. execute target "war" in build.xml of ComplianceWebConsole project
  3. execute target "eng.agent.32.rpm" and "eng.server.32.rpm" in build.xml of bus project

The last step produces the RPMs of Agent Node and Agent Server for a 32-bit Linux OS.
To get the 64-bit version of the above RPMs, execute targets "eng.agent.64.rpm" and "eng.server.64.rpm" in build.xml of the bus project.

Setup

Requirements

The compliance module is made up of two components, Agent Server and Agent Node, and therefore requires at least two machines with the following features:

  • Linux-like OS, 32-bit or 64-bit
  • 2GB of RAM
  • 10GB of free disk space

Package Installation

On the first machine (Agent Node) follow these steps:

  1. copy eng-agent-1.4-1.noarch.rpm to the first machine
  2. execute sudo rpm -ivh eng-agent-1.4-1.noarch.rpm
  3. edit /opt/vision/agent/conf/activemq.xml and replace the IP 10.0.3.112 at line 62 (<networkConnector uri="static:(tcp://10.0.3.112:61616)") with the correct IP of the Agent Server
  4. to start the agent daemon, execute: sudo service activemq start
  5. to uninstall: sudo rpm -e eng-agent

On the second machine (Agent Server), follow these steps:

  1. copy eng-server-1.4-1.noarchx86_64b.rpm to the second machine
  2. execute sudo rpm -ivh eng-server-1.4-1.noarchx86_64b.rpm
  3. to start the agent-server daemon, execute: sudo service mongod start and then sudo service activemq start (the database must be started before the agent server)
  4. to uninstall: rpm -e eng-server

Testing

On the first machine, open a web browser at the following URL: http://localhost:8161/admin/send.jsp?JMSDestination=vision.xdas&JMSDestinationType=topic

In the body field of the form, paste this string:

HDR:00dd::1315495492::::CET:1000022:0:ORG:myvisionhost/MangerContainer/createContainerReplica:http%://myvisionhost.eu:http:vision:::INT::::TGT:container1:213.92.16.171:rest::::SRC::EVT:destinationAddress=66.135.200.23:END

Then click the form's Submit button.

On the second machine, open a web browser at the following URL:
http://localhost:8161/siem

Enter the credentials:
User = admin
Password = admin

If a record appears in the Audits tab, everything is working.
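As an added example (not part of the LogSeCA project), the following Python splits the test record above into its XDAS sections and rejects malformed records before they are published to the vision.xdas topic. Assumed: fields are separated by ':', a '%' directly before ':' escapes a literal colon (as in the sample's http%://), the section tags come in the order HDR, ORG, INT, TGT, SRC, EVT, END, and HDR field index 2 is a Unix timestamp.

```python
from datetime import datetime, timezone

# Section tags in the order the sample record uses them (assumed fixed order).
SECTION_TAGS = ("HDR", "ORG", "INT", "TGT", "SRC", "EVT", "END")

# Constructed sample: the test record from the Testing section above.
SAMPLE = ("HDR:00dd::1315495492::::CET:1000022:0:ORG:myvisionhost/MangerContainer/"
          "createContainerReplica:http%://myvisionhost.eu:http:vision:::INT::::TGT:"
          "container1:213.92.16.171:rest::::SRC::EVT:destinationAddress=66.135.200.23:END")

def tokenize(record):
    """Split on ':'; '%:' is assumed to escape a literal colon (see http%://)."""
    tokens, cur, i = [], [], 0
    while i < len(record):
        if record.startswith("%:", i):
            cur.append(":")
            i += 2
        elif record[i] == ":":
            tokens.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(record[i])
            i += 1
    tokens.append("".join(cur))
    return tokens

def parse_xdas(record):
    """Return {section: [fields]}; raise ValueError if the tag order is wrong."""
    sections, current, seen = {}, None, []
    for tok in tokenize(record):
        if tok in SECTION_TAGS:
            current = tok
            seen.append(tok)
            sections[tok] = []
        elif current is None:
            raise ValueError("record must start with HDR")
        else:
            sections[current].append(tok)
    if tuple(seen) != SECTION_TAGS or sections["END"]:
        raise ValueError("bad section order or data after END: %s" % seen)
    return sections

def event_attributes(sections):
    """EVT fields are key=value pairs; return them as a dict."""
    return dict(f.split("=", 1) for f in sections["EVT"] if "=" in f)

def header_time(sections):
    """Assumed: HDR field index 2 is the event's Unix timestamp (shown in UTC)."""
    return datetime.fromtimestamp(int(sections["HDR"][2]), tz=timezone.utc)
```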

License

Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

  http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and limitations under the License.
