Security Audit service

In ELMA365 you can log and analyze events related to changing the user permissions and data.

For this purpose, the Security Audit module is used, in which all events in the system are registered, and a separate Security Audit service, in the database of which the information obtained from the module is stored.

The module and the service allow you to monitor the following events:

• When a user logs in and logs out.
• Unsuccessful attempts to enter a user password.
• When a user signs out by clicking the Sign Out button.
• When app items are added, modified or deleting.
• When a user changes a file or uploads a new version.
• When app items are added, modified, or deleted.
• When a user changes a file, or uploads a new version.
• When a file is accessed: registration of users who have changed a file or uploaded a new version.
• When a user changes security settings.
• When a user is created, changed, deleted, and manually locked out.
• Exceeding the number of sign-in attempts.
• When the security audit module accessed.
• Checking and unchecking that the app contains confidential data.
• When a user starts clearing confidential data from already registered events.

By default, data about registered security events are stored in the database used in ELMA365 On-Premises. During service installation, you can select an external database.

To work, you need to install the service inside ELMA365 and then download the module from ELMA365 Store. Read more about it in the Security Audit module article.

Install the service on the On-Premises version

Run the following command:

curl -fsSL -o audit-installer.sh https://dl.elma365.com/extensions/audit/master/latest/download && chmod +x audit-installer.sh && ./audit-installer.sh

You will be offered to select the database. For testing, you can use the internal database. When you select an external database, make sure that the selected user has permissions for scheme public  for creating and deleting tables, functions and indexes.

No additional software and libraries need to be configured to install and operate the service on the internal database.

The audit service for the internal and external databases is installed in a separate namespace audit.

When connecting for the first time, the service will create all the necessary tables.

Please note that if using a PostgreSQL external database, minimum hardware requirements and server version requirements must be considered::

DBMS server PostgreSQL
DBMS: PostgreSQL v10.14
OS: Ubuntu Server 20.04 LTS
CPU: 2 core,  2.2 GHz or higher (Intel Xeon recommended).
Hard Disk:
20 GB (OS + PostgreSQL server, RAID, SSD)
100 GB (for data, RAID 5, SSD)
RAM: 4 GB
Network: LAN 1 Gbit/sec and higher
Th extension of disk storage is evaluated by the customer independently or is based on the results of an analysis of the company's activities.

The uuid-ossp and pg_trgm extensions are also required to use the database. Read more about it in the PostgreSQL article.

After the service is installed, you should download the Security Audit module from the ELMA365 Store. For more details on how to install the module and work with it, see the Security Audit module article.

Was this helpful?

Thanks for your feedback!

Please specify why:

Recommendations did not help meArticle is hard to understandDidn`t answer my questionContent does not match the topicOther

How we can improve it?

YesNo

Please specify whyRecommendations did not help meArticle is hard to understandDidn`t answer my questionContent does not match the topicOther

Found a typo? Highlight the text, press ctrl + enter and notify us