Creating Audit Reports Using jrctl

August 4, 2022
Alex Jackson

Introduction

The JetRails CLI tool, jrctl, creates access and audit reports for the local machine or for machines in a cluster. The audit report gives an at-a-glance view for checking that access control through the firewall and for SQL databases is configured correctly, verifying which login methods are available to shell users, and reviewing past logins to the server.

Audit sections

| Section | Description |
| --- | --- |
| Matching Servers | Lists servers matching the type selector(s) provided. |
| Access Log | Shows logins on the host(s) including user, method, login IP, and time. |
| Firewall Entries | Shows firewall rules including port(s), protocol(s), CIDR/IP ranges, and any optional comments that document the reason for whitelisting. |
| SSH user list | Shows users that can log in to the command line on your server(s) and includes what authentication methods are available to them (password or SSH key). |
| Databases | Lists databases on the system(s), including the servers hosting each database and the users with grants to the database(s). |
| Current Database Users | Lists database users, including the hosts they may connect to, the databases they have permissions for, and from where the user may connect to the database. |

Running the audit

Run the following command to output an audit report to STDOUT:

$ jrctl audit report

By default, this will gather information from each node configured in the .jrctl/config.yaml configuration file in the current user’s home directory.

Target specific nodes

Type selectors can be used as filters to target a certain subset of nodes within a configured cluster. While type names are completely customizable and are defined within the .jrctl/config.yaml file, you will most likely encounter the following: db (database nodes), www (web nodes), admin (admin backend nodes), and localhost (used for single-server deployments).

For example, the following command will only gather information from nodes with the www type:

$ jrctl audit report --type www

Email reports

To receive these reports regularly via email, run jrctl audit report as a cron job. For example, the following crontab entry sends an audit report by email on the first day of each month:

# Placeholder addresses: replace with the recipients of the report
MAILTO="user1@example.com,user2@example.com"
0 0 1 * * /usr/bin/jrctl audit report

Note: MAILTO is a comma-separated list of users that should receive audit reports. This line should be inserted into your user’s crontab with crontab -e. The location in the crontab doesn’t matter.
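Cron only sends mail when a job produces output, so a jrctl run that fails quietly would look the same as a month with no report. The wrapper below is an added example, not part of the original article or of JetRails' tooling: it keeps a private dated copy of each report and turns a failed or empty run into an explicit message that cron will mail. The names run_audit, AUDIT_CMD and AUDIT_DIR and the archive location are assumptions made for this example.

```shell
#!/bin/sh
# Added example: cron wrapper around `jrctl audit report`.
# run_audit, AUDIT_CMD and AUDIT_DIR are hypothetical names chosen here.

# Command to run; overridable so the wrapper can be exercised without jrctl.
AUDIT_CMD="${AUDIT_CMD:-/usr/bin/jrctl audit report}"
# Directory for dated copies of each report (assumed location).
AUDIT_DIR="${AUDIT_DIR:-$HOME/audit-reports}"

run_audit() {
    # Reports list shell users, firewall rules and database grants,
    # so archived copies are created readable by the owner only.
    umask 077
    mkdir -p "$AUDIT_DIR" || {
        echo "AUDIT FAILED: cannot create $AUDIT_DIR"
        return 1
    }

    out="$AUDIT_DIR/audit-$(date +%Y-%m-%dT%H%M%S).txt"

    # AUDIT_CMD is intentionally unquoted so it splits into command + arguments.
    # stderr is captured too, so cron mails error text as well as the report.
    if ! $AUDIT_CMD >"$out" 2>&1; then
        echo "AUDIT FAILED: '$AUDIT_CMD' exited non-zero; output follows"
        cat "$out"
        return 1
    fi

    # An empty report would make cron send no mail at all; flag it instead.
    if [ ! -s "$out" ]; then
        echo "AUDIT FAILED: '$AUDIT_CMD' produced no output"
        return 1
    fi

    # Print the report so cron mails it to the MAILTO recipients.
    cat "$out"
}

# Run only when called with "run", e.g. from the crontab entry.
if [ "${1:-}" = "run" ]; then
    run_audit
fi
```

To use it, point the crontab entry at the script with the run argument instead of calling jrctl directly; the script path is yours to choose.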