[rsbac] gtkila: Log Analyzer for RSBAC, 1st pre-version

Amon Ott ao at rsbac.org
Mon Apr 4 09:43:23 CEST 2005 

On Freitag 01 April 2005 12:51, Jonas Weismueller wrote:
> I have developed the gtkila (GPL) log analyzer for RSBAC as a 
project
> part of my study. It is written in C and gtk+ (plus interfaces are
> generated by Glade/libglade).
> It has been my first project bigger than, reading two numbers of
> stdin, add them and print them on stdout  ;) 
> Personallay, I have learned a lot and preogress will be going on.
> 
> You can download gtkila from the SVN repository:
> 
http://svn.rsbac.mprivacy-update.de/viewsvn.php?project=rsbac&path=/ila/gtkila/
> svn://rsbac.mprivacy-update.de/rsbac/ila/gtkila

I strongly encourage everyone to test this log analyser. We really 
need a way to efficiently review what happened on a secured system.

> Feedback
> ----------------
> Features:
> - Open a RSBAC log file for analysis
> - Watch a log file in real time (default /var/log/syslog), you can
> change this part in the settings, wherever you defined RSBAC to log
> - right-click context menu for a real time log table to display the
> File/ Dir settings of a file/dir
> - Search and sort function for a log table
> 
> Not working at the moment is:
> - the regular expression search and of course some more or less bugs
> - Open a logging File crashes with too huge files (fix is in 
progress)
> - Show File/ Dir settings works for FD objects only

I have added a project to the RSBAC bugtracker at 
http://bugtracker.rsbac.org 
(https://ssl.kundenserver.de/bugtracker.rsbac.org) with MrRagga as 
developer. Please also use the bugtracker, it can speed up 
development and debugging enormously.
 
> Questionnaire
> ------------------------
> INSTALLATION:
> Any installation problems?

Before being able to compile, I had to install some -dev packages, 
e.g. libgtk2.0-dev. Otherwise the latest code compiled and started 
fine.
 
> Suggestions to improve the installation?

There should be some more info in INSTALL and/or README regarding what 
rights are needed to run the program. In most cases the predefined 
"Auditor" role should be sufficient. To lookup attribute values, you 
need more.

> LOGGING -  Open File:
> Do you think this feature is usefull in daily administration work
> unsing RSBAC?

Yes, once it is completely stable, we will most likely use it for 
analysis of customer server logs.
 
> What features are missing?

This can also be added to the bugtracker, severity "feature".
 
> LOGGING - Real Time:
> What dou you think about the Real Time Logging facility and the 
option
> to show the File/ Dir settings of a certain program?

Very useful to see what is going on. Interactive attribute checking is 
a big plus in design and should be extended e.g. to see current role 
or a process etc.
 
> Agreement:
> -------------------
> Do you agree, that your comments will be published as a part of a
> documentation (Answer: yes or no)

Yes.
 
> Publish your name/email address? (Answer: name only, email only, 
both,
> nothing)

Name and Mail are fine. Some spam protection before going online, 
please.

> It would be great to have some feedback before sunday night.

Sorry for being late. :)

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

More information about the rsbac mailing list