EPIC: Define & Implement Access Auditing Policy & Tools #3047

Open
steelhead31 opened this issue May 5, 2023 · 1 comment
Labels
secure-dev Issues specific to SSDF/SLSA compliance work security

steelhead31 commented May 5, 2023

As part of Secure Dev, we need to define an access auditing policy, and implement tools/processes to provide this service.

This issue is set up to track work relating to this piece.

Tasks
------------------

  1. Investigate monitoring strategies & applicable tools : Identify tooling for auditing access controls to infrastructure #2968 - Done

  2. Detail Next Steps For Preferred Tool : Create Detailed Analaysis & Plan For Implementing Wazuh #3076 - Done

  3. Deploy Wazuh To All Build Hosts : Done: 08/11/2023 : Deploy Wazuh To All Build Infrastructure Hosts #3235

  4. Create Wazuh Code & Configuration Snippets Area in Infrastructure Repository.: Wazuh: Initial commit of Wazuh code sharing repository. #3262 Complete

  5. Create mechanism for tracing ssh logins: Issue 3212 : - Complete

  6. Update Wazuh to current version, and define upgrade process and policy for both Wazuh server and agents. - 10/07/2024 - Completed: Upgrade Wazuh Server & Agents To Version 4.8.0 #3654

  7. Create DNS Name For Wazuh Server - EF issue raised : https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/5076 ( 04/10/2024 ) - Completed - 07/10/2024

  8. Add certificates & configure https - Wazuh: Configure HTTPS Certificates And DNS #3768

  9. Define critical alerts & create filters.

  10. Create & Configure Slack Integration For Critical Alerts

  11. Deploy Wazuh To All Test Hosts

  12. Investigate how to build Wazuh agent from source on RHEL8 / s390x

  13. Investigate how to build Wazuh agent from source on RISCV build machines

  14. Investigate Auditing SSH/SSHD versions using Wazuh

sxa commented Oct 16, 2023

For monitoring valid logins on the UNIX platforms we should be able to look at the SSH key fingerprints as per #3212
