Add ECS JSON security audit logging, setup-system CLI, and stable DEB/RPM packaging workflows #274

Merged: ghantoos merged 6 commits into master from f/json-siem on Mar 17, 2026

@ghantoos
Owner

  • Added structured security audit logging with ECS-aligned JSON output.
  • Introduced new security_audit_json config flag and wired audit logging into command authorization paths (allowed/denied decisions, SSH/SCP/SFTP scenarios, unknown/forbidden syntax, env assignment checks).
  • Added per-session session_id handling for better correlation in logs.
  • Added new lshell setup-system command to bootstrap host prerequisites:
    • ensure group exists
    • create/chown/chmod log directory
    • register shell in /etc/shells
    • optionally set user shell and group membership
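
An added example, not code from this pull request or from lshell: one way a SIEM-side script could use the per-session `session_id` to group denied command decisions from ECS-aligned JSON audit lines. The field names (`event.outcome`, `user.name`, `process.command_line`, a top-level `session_id`), the `failure` value for a denial, and the sample lines are assumptions constructed for illustration; check them against the log output your lshell version actually emits.

```python
import json
from collections import defaultdict

# Constructed sample lines. The field layout is an assumption, not lshell's documented schema.
SAMPLE_LOG = """\
{"@timestamp":"2026-03-17T10:00:01Z","event":{"outcome":"success"},"user":{"name":"alice"},"process":{"command_line":"ls -l"},"session_id":"s-1001"}
{"@timestamp":"2026-03-17T10:00:05Z","event.outcome":"failure","user.name":"bob","process.command_line":"cat /etc/shadow","session_id":"s-2002"}
{"@timestamp":"2026-03-17T10:00:09Z","event":{"outcome":"failure"},"user":{"name":"bob"},"process":{"command_line":"bash"},"session_id":"s-2002"}
{"@timestamp":"2026-03-17T10:01:00Z","event":{"outcome":"failure"},"user":{"name":"carol"},"process":{"command_line":"vim"},"session_id":"s-3003"}
not-json garbage line
"""

def field(record, dotted, default=None):
    """Read an ECS field stored either as a flat dotted key or as nested objects."""
    if dotted in record:
        return record[dotted]
    node = record
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return default
        node = node[part]
    return node

def denied_by_session(lines, threshold=2):
    """Return (flagged, skipped): sessions with >= threshold denials, and unparsable line count."""
    sessions = defaultdict(lambda: {"user": None, "commands": []})
    skipped = 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # count, do not silently drop: gaps in audit data matter
            continue
        if not isinstance(rec, dict) or field(rec, "event.outcome") != "failure":
            continue
        sid = field(rec, "session_id", "unknown")
        sessions[sid]["user"] = field(rec, "user.name")
        sessions[sid]["commands"].append(field(rec, "process.command_line"))
    flagged = {s: v for s, v in sessions.items() if len(v["commands"]) >= threshold}
    return flagged, skipped

if __name__ == "__main__":
    print(denied_by_session(SAMPLE_LOG.splitlines()))
```
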

@ghantoos merged commit bc0303a into master on Mar 17, 2026 (6 checks passed)
@ghantoos deleted the f/json-siem branch on March 18, 2026 09:30
@ghantoos restored the f/json-siem branch on March 18, 2026 09:30