Home

Awesome

Build Status

Audits1984

A simple auditing tool for console1984.

Installation

Add it to your Gemfile:

gem 'audits1984'

Create tables to store audits in the database:

rails audits1984:install:migrations
rails db:migrate

Mount the engine in your routes.rb:

mount Audits1984::Engine => "/console"

API-only apps or apps using vite_rails and other asset pipelines outside Rails

If you want to use this gem with an API-only Rails app or an app that's using vite_ruby/vite_rails, or some other custom asset pipeline different from Sprockets and Propshaft, you need just one more thing: configure an asset pipeline so you can serve the JavaScript and CSS included in this gem. We recommend to use Propshaft. You simply need to add this line to your application's Gemfile:

gem "propshaft"

Then execute

$ bundle install

And you should be ready to go.

Authenticate auditors

By default, the library controllers will inherit from the host application's ApplicationController. To authenticate auditors, you need to implement a method #find_current_auditor in your ApplicationController. This method must return a record representing the auditing user. It can be any model but it has to respond to #name.

For example, Imagine all the staff in your company can audit console sessions:

def find_current_auditor
  Current.user if Current.user&.staff?
end

Usage

The main screen lists the registered console sessions. It includes a form to filter sessions by date, and also to only show that contains sensitive accesses.

Main screen listing the registered console sessions with a filter form

You can click on a session to see its commands and choose whether it was an appropiate console usage or not.

Audit session screen

After making a decision on the session, you will be redirected to the next pending session, based on the filter configured in the main screen.

That is. I said it was simple.

Configuration

These config options are namespaced in config.audits1984:

NameDescription
auditor_classThe name of the auditor class. By default it's ::User.
auditor_name_attributeThe attribute on the auditor class that returns the auditor's name. By default it's :name.
base_controller_classThe host application base class that will be the parent of audit1984 controllers. By default it's ::ApplicationController.