Audit Logging
MageStack performs a number of automated audits for security purposes, covering access, file changes and PHP code differentials. The data is stored in the logs directory for the host it applies to.
Access Type | Host |
---|---|
Magento vulnerability scanner | dh |
File change list | dh |
PHP code differential | dh |
VPN bundles | dh |
FTP accounts | acc |
SSH users | acc |
SSH keys for each user | acc |
Last SSH logins | acc |
Current SSH logins | acc |
/microcloud/logs_ro
|-dh[0-9]+
|---access-YYYY-MM-DD.log.gz
|---backup-YYYY-MM-DD.log.gz
|---magescan-YYYY-MM-DD.log.gz
|---php-differential-YYYY-MM-DD.log.gz
|-acc[0-9]+
|---access-YYYY-MM-DD.log.gz
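
One way to confirm that every audit log in the layout above was actually written for a given day, as an added example (not MageStack's own tooling). It assumes each log type is produced once per day; `audit_log_gaps` and `demo_tree` are hypothetical names, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: report audit logs that are missing or corrupt for one date.
# Assumption: each log type in the layout above is written once per day.

# Expected log prefixes per host type, taken from the directory layout.
DH_LOGS="access backup magescan php-differential"
ACC_LOGS="access"

# audit_log_gaps ROOT DATE
# Prints one line per problem: "MISSING <path>" or "CORRUPT <path>".
# Returns 0 when every expected log exists and passes gzip -t, else 1.
audit_log_gaps() {
    root=$1
    day=$2
    gaps=0
    for dir in "$root"/dh[0-9]* "$root"/acc[0-9]*; do
        [ -d "$dir" ] || continue          # an unmatched glob stays literal
        host=${dir##*/}
        case $host in
            dh*)  expected=$DH_LOGS ;;
            acc*) expected=$ACC_LOGS ;;
        esac
        for name in $expected; do
            file="$dir/$name-$day.log.gz"
            if [ ! -s "$file" ]; then      # absent or zero bytes
                echo "MISSING $file"
                gaps=1
            elif ! gzip -t "$file" 2>/dev/null; then
                echo "CORRUPT $file"
                gaps=1
            fi
        done
    done
    return $gaps
}

# Constructed sample tree so the check can be tried offline.
demo_tree() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/dh1" "$tmp/acc1"
    for n in access backup magescan; do
        echo "sample" | gzip > "$tmp/dh1/$n-2024-01-15.log.gz"
    done
    echo "not gzip" > "$tmp/acc1/access-2024-01-15.log.gz"
    echo "$tmp"
}
```

Call it as `audit_log_gaps /microcloud/logs_ro YYYY-MM-DD`; a non-zero exit status means at least one expected log is absent, empty or fails `gzip -t`.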
Mini report
A small report is prepared that contains just the important information:
- PHP changes
- JS changes
- File changes
- Vulnerability scanner results
You can view this report by logging into your access server via SSH and switching user to root,
su -l root
Then execute the following command, pressing the space bar to paginate through the results.
log_check.sh | more
You can also send the results directly by email by supplying one or more email addresses as arguments to the script,
log_check.sh me@example.com my-colleague@example.com
You can add more email recipients by adding them to the end of the line, separated by a space.
Daily email notification
If you want the mini report emailed to you each morning, you can use the built-in notifier.
Log into your access server via SSH and switch user to root,
su -l root
Then edit the crontab to add another task at 9am daily,
0 9 * * * /microcloud/scripts_ro/log_check.sh me@example.com my-colleague@example.com