Introduction
The JetRails CLI tool, jrctl, creates access and audit reports for the local machine or those in a cluster. The audit report gives an at-a-glance view for checking that access control through the firewall and for SQL databases is configured correctly, verifying the login methods available to shell users, and reviewing past logins to the server.
Audit sections
Section | Description |
---|---|
Matching Servers | Lists servers matching the type selector(s) provided. |
Access Log | Shows logins on the host(s) including user, method, login IP, and time. |
Firewall Entries | Shows firewall rules including port(s), protocol(s), CIDR/IP ranges, and any optional comments that document the reason for whitelisting. |
SSH user list | Shows users that can log in to the command line on your server(s) and includes what authentication methods are available to them (password or SSH key). |
Databases | Lists databases on the system(s), including the servers hosting each database and the users with grants to the database(s). |
Current Database Users | Lists database users, including the hosts they may connect to, the databases they have permissions for, and from where the user may connect to the database. |
Running the audit
Run the following command to output an audit report to STDOUT:
$ jrctl audit report
By default, this will gather information from each node configured in the .jrctl/config.yaml configuration file in the current user’s home directory.
Target specific nodes
Type selectors can be used as filters to target a certain subset of nodes within a configured cluster. While type names are completely customizable and are defined within the .jrctl/config.yaml file, you will most likely encounter the following: db (database nodes), www (web nodes), admin (admin backend nodes), and localhost (used for single-server deployments).
For example, the following command will only gather information from nodes with the www type:
$ jrctl audit report --type www
Email reports
To receive these reports regularly via email, run jrctl audit report as a cron job. For example, the following crontab entry sends an audit report by email on the first day of each month:
MAILTO="[email protected],[email protected]"
0 0 1 * * /usr/bin/jrctl audit report
Note: MAILTO is a comma-separated list of users that should receive audit reports. This line should be inserted into your user’s crontab with crontab -e. The location in the crontab doesn’t matter.
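A monthly report is easier to review when it shows only what changed, such as a new firewall entry or an added SSH user. The wrapper below is an added example, not part of jrctl or the original page: it archives each report and prints a diff against the previous one. The function name audit_snapshot, the AUDIT_CMD override and the ARCHIVE_DIR location are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not part of jrctl): archive each audit report and print
# what changed since the previous run.
# Assumptions: AUDIT_CMD and ARCHIVE_DIR are hypothetical names used only here.
AUDIT_CMD="${AUDIT_CMD:-/usr/bin/jrctl audit report}"
ARCHIVE_DIR="${ARCHIVE_DIR:-$HOME/.jrctl/audit-archive}"

# audit_snapshot [label]
# Returns 0 = baseline saved or no change, 1 = report changed, 2 = audit failed.
audit_snapshot() {
    label="${1:-$(date +%Y-%m-%d)}"
    umask 077    # reports list users, grants and firewall rules: owner-only
    mkdir -p "$ARCHIVE_DIR" || return 2
    new="$ARCHIVE_DIR/report-$label.txt"
    # Latest archived report other than the one about to be written.
    prev=$(ls -1 "$ARCHIVE_DIR"/report-*.txt 2>/dev/null |
           grep -v -F -x "$new" | sort | tail -n 1)
    # Write to a temp file so a failed run never leaves a partial report.
    tmp="$new.tmp"
    if ! $AUDIT_CMD > "$tmp"; then
        rm -f "$tmp"
        echo "audit command failed: $AUDIT_CMD" >&2
        return 2
    fi
    mv "$tmp" "$new"
    if [ -z "$prev" ]; then
        echo "No earlier report found; baseline saved to $new"
        return 0
    fi
    # diff prints added (+) and removed (-) lines and exits 1 on any change.
    if diff -u "$prev" "$new"; then
        echo "No changes since $prev"
        return 0
    fi
    return 1
}

# Run only when invoked as: audit-snapshot.sh run
case "${1:-}" in
    run) audit_snapshot ;;
esac
```

Cron mails whatever a job prints, so calling this script with the run argument from the crontab entry delivers the diff to the MAILTO recipients instead of the full report.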