chore: update readme

Stéphane Lesimple 2020-11-05 17:28:45 +00:00
parent 537c6518b5
commit 0627c6a20c
No known key found for this signature in database
GPG key ID: 4B4A3289E9D35658

@ -1,4 +1,4 @@
![](https://user-images.githubusercontent.com/218502/96882661-d3b21e80-147f-11eb-8d89-a69e37a5870b.png)
![The Bastion Logo](https://user-images.githubusercontent.com/218502/96882661-d3b21e80-147f-11eb-8d89-a69e37a5870b.png)
The Bastion
===========
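Review bot: the logo line gains alt text but still loads the image from user-images.githubusercontent.com, so rendering the readme depends on that external host being reachable. While this line is being touched, consider committing the image to the repository and referencing it by a relative path, keeping the new "The Bastion Logo" alt text.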
@ -134,14 +134,15 @@ Even with the most conservative, precautionous and paranoid coding process, code
## Auditability
- Bastion administrators must use the bastion's logic to connect to itself to administer it (or better, use another bastion to do so), this ensures auditability in all cases
* Every access and action (wether allowed or denied) is logged with:
* Every access and action (whether allowed or denied) is logged with:
* `syslog`, which should also be sent to a remote syslog server to ensure even bastion administrators can't tamper their tracks, and/or
* local `sqlite3` databases for easy searching
* Every session is recorded with `ttyrec`, helper scripts are provided to encrypt and push these records on a remote escrow filer
* This code is used in production in several PCI-DSS, ISO 27001, SOC1 and SOC2 certified environments
## Related
- [ovh-ttyrec](https://github.com/ovh/ovh-ttyrec) - A terminal (tty) recorder
- [ovh-ttyrec](https://github.com/ovh/ovh-ttyrec) - An enhanced but compatible version of ttyrec, a terminal (tty) recorder
## License
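Review bot: the syslog bullet directly under the corrected "whether" line still reads "can't tamper their tracks", which is ungrammatical; since this commit is a readme cleanup, reword it to "can't cover their tracks" or "can't tamper with the logs". In the same Auditability list, the first bullet ("Bastion administrators must use...") uses `-` while the following bullets use `*`, and the Related entry uses `-` as well; pick one list marker so the section renders as a single consistent list. The hunk header context also carries "precautionous", which is worth correcting in a follow-up if that sentence is in scope.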