Short Description
Training image for Sagan, the real-time log analysis engine
Full Description

Rules are in /usr/local/etc/sagan and are editable.
For security, sudo is restricted to starting rsyslog and sagan; it will not run anything else.
Designed to be used with the ISLET training system.
Start the syslog source, then Sagan in daemon mode, and read the alert file. Note that the sudo used to start Sagan is itself picked up by rule 5000133, so the first alert you see is your own privilege escalation:

demo@sagan:~$ sudo service rsyslog start
demo@sagan:~$ sudo sagan -D
demo@sagan:~$ cat /var/log/sagan/alert
[**] [1:5000133] [SU] Successful sudo to ROOT executed [**]
[Classification: successful-admin] [Priority: 1]
2014-12-05 01:06:42 192.168.0.1:514 -> 192.168.0.1:514
authpriv notice
Message: demo : TTY=console ; PWD=/home/demo ; USER=root ; COMMAND=/usr/local/sbin/sagan
[Xref => http://wiki.quadrantsec.com/bin/view/Main/5000133]
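As an added example (not code from this image or from the Sagan project), the following Python parses alert entries in the layout shown above and checks the sudo COMMAND against the policy stated on this page, that sudo is only meant to start rsyslog and sagan. The multi-line alert layout is inferred from the single sample above; the second alert in the sample input and the allowlist paths are constructed for illustration and are assumptions, not something the page states.

```python
"""Parse Sagan alert-log entries and flag sudo-to-root commands outside an allowlist.

Added example. The alert layout (header, classification, flow, syslog
facility/level, Message, Xref) is inferred from the one sample on the page.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: the alert from the page, plus a made-up second alert
# whose COMMAND is something the image's sudo policy is not meant to allow.
SAMPLE_ALERT_LOG = """\
[**] [1:5000133] [SU] Successful sudo to ROOT executed [**]
[Classification: successful-admin] [Priority: 1]
2014-12-05 01:06:42 192.168.0.1:514 -> 192.168.0.1:514
authpriv notice
Message: demo : TTY=console ; PWD=/home/demo ; USER=root ; COMMAND=/usr/local/sbin/sagan
[Xref => http://wiki.quadrantsec.com/bin/view/Main/5000133]

[**] [1:5000133] [SU] Successful sudo to ROOT executed [**]
[Classification: successful-admin] [Priority: 1]
2014-12-05 01:09:10 192.168.0.1:514 -> 192.168.0.1:514
authpriv notice
Message: demo : TTY=console ; PWD=/home/demo ; USER=root ; COMMAND=/bin/bash
[Xref => http://wiki.quadrantsec.com/bin/view/Main/5000133]
"""

HEADER_RE = re.compile(r"^\[\*\*\] \[(\d+):(\d+)\] (.*?) \[\*\*\]$")
CLASS_RE = re.compile(r"^\[Classification: ([^\]]+)\] \[Priority: (\d+)\]$")
FLOW_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+):(\d+) -> (\S+):(\d+)$")
SYSLOG_RE = re.compile(r"^(\w+) (\w+)$")          # e.g. "authpriv notice"
MESSAGE_RE = re.compile(r"^Message: (.*)$")
XREF_RE = re.compile(r"^\[Xref => ([^\]]+)\]$")


@dataclass
class SaganAlert:
    gid: int
    sid: int
    name: str
    classification: str = ""
    priority: int = 0
    timestamp: str = ""
    src: str = ""
    dst: str = ""
    facility: str = ""
    level: str = ""
    message: str = ""
    xrefs: List[str] = field(default_factory=list)


def parse_alert_block(block: str) -> Optional[SaganAlert]:
    """Parse one blank-line-delimited alert; return None if it has no header."""
    lines = [ln.strip() for ln in block.strip().splitlines()]
    if not lines or not (m := HEADER_RE.match(lines[0])):
        return None
    alert = SaganAlert(gid=int(m.group(1)), sid=int(m.group(2)), name=m.group(3))
    for ln in lines[1:]:
        if m := CLASS_RE.match(ln):
            alert.classification, alert.priority = m.group(1), int(m.group(2))
        elif m := FLOW_RE.match(ln):
            alert.timestamp = m.group(1)
            alert.src, alert.dst = f"{m.group(2)}:{m.group(3)}", f"{m.group(4)}:{m.group(5)}"
        elif m := MESSAGE_RE.match(ln):
            alert.message = m.group(1)
        elif m := XREF_RE.match(ln):
            alert.xrefs.append(m.group(1))
        elif (m := SYSLOG_RE.match(ln)) and not alert.facility:
            alert.facility, alert.level = m.group(1), m.group(2)
    return alert


def parse_sagan_alerts(text: str) -> List[SaganAlert]:
    """Split the alert file on blank lines and parse every block that has a header."""
    parsed = (parse_alert_block(b) for b in re.split(r"\n\s*\n", text.strip()))
    return [a for a in parsed if a is not None]


def parse_sudo_message(message: str) -> Dict[str, str]:
    """Split 'demo : TTY=console ; PWD=... ; USER=root ; COMMAND=...' into fields."""
    m = re.match(r"^(\S+) : (.*)$", message)
    if not m:
        return {}
    fields = {"user": m.group(1)}
    for part in m.group(2).split(" ; "):
        key, _, val = part.partition("=")
        fields[key.strip()] = val.strip()
    return fields


# Hypothetical allowlist mirroring the page's statement that sudo in the image
# only starts rsyslog and sagan. The real sudoers entries are not on the page,
# so these two command strings are assumptions.
ALLOWED_ROOT_COMMANDS = {"/usr/local/sbin/sagan", "/usr/sbin/service rsyslog start"}


def unexpected_root_commands(alerts: List[SaganAlert]):
    """Return (timestamp, user, command) for sudo-to-root alerts whose COMMAND is not allowlisted."""
    hits = []
    for a in alerts:
        if a.classification != "successful-admin" or "sudo" not in a.name.lower():
            continue
        f = parse_sudo_message(a.message)
        cmd = f.get("COMMAND", "")
        if f.get("USER") == "root" and cmd not in ALLOWED_ROOT_COMMANDS:
            hits.append((a.timestamp, f.get("user", ""), cmd))
    return hits


if __name__ == "__main__":
    for ts, user, cmd in unexpected_root_commands(parse_sagan_alerts(SAMPLE_ALERT_LOG)):
        print(f"{ts} {user} ran {cmd} as root outside the allowed set")
```

Matching on the classification and rule name rather than a hard-coded SID keeps the check working if the rule is renumbered in an edited /usr/local/etc/sagan rule set; in a real deployment the allowlist should be generated from the actual sudoers file rather than typed in by hand.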

Owner
jonschipp