Audit Logging

MageStack performs a number of different automated audits for security purposes, this includes access, file changes and PHP code differentials. The data is stored in the logs directory for the respective host it applies to.

Access Type Host
Magento vulnerability scanner dh
File change list dh
PHP code differential dh
VPN bundles dh
FTP accounts acc
SSH users acc
SSH keys for each user acc
Last SSH logins acc
Current SSH logins acc

/microcloud/logs_ro

|-dh[0-9]+
|---access-YYYY-MM-DD.log.gz
|---backup-YYYY-MM-DD.log.gz
|---magescan-YYYY-MM-DD.log.gz
|---php-differential-YYYY-MM-DD.log.gz
|-acc[0-9]+
|---access-YYYY-MM-DD.log.gz

Mini report

A small report is prepared that contains just the important information

  • PHP changes
  • JS changes
  • File changes
  • Vulnerability scanner results

You can view this report by logging into your access server via SSH and switch user to root,

su -l root

Then execute the following command, pressing the space bar to paginate through the results.

log_check.sh | more

You can also send the results direct by email by using your email address as arguments supplied to the script,

log_check.sh me@example.com my-colleague@example.com

You can add more email recipients by adding them to the end of the line, separated by a space.

Daily email notification

If you want the mini report to be sent to you each morning as a report, then you can use the built-in notifier to send you an email.

Log into your access server via SSH and switch user to root,

su -l root

Then edit the crontab to add another task at 9am daily,

0 9 * * * /microcloud/scripts_ro/log_check.sh me@example.com my-colleague@example.com