Blockaudit

The most resilient and secure audit system!
Blockaudit is an extensive audit system powered by blockchain technology.

Today

Schema of the audit system in place today

Nowadays, all major audit tools use a proxy to audit system administrators' actions.
The sysadmin logs on to a target server via a proxy server that acts as a security bastion, managing access and privileges and logging all of the sysadmin's actions.

This principle seems to work great, but think about these points:

  • There is probably a sysadmin managing the bastion. This guy can erase the logs and all footprints.
  • What about insider threats? A sysadmin could modify the bastion to log in to a sensitive server, hack the server, then restore the configuration and erase his traces.

Blockaudit adds a new step in security to your system.
Blockaudit does not replace proxies and bastions, but hardens these machines and all sensitive servers.

Now with the Blockaudit solution

The Blockaudit agent is deployed on every sensitive server.
The blockchain is deployed on every sysadmin laptop/desktop plus some dedicated servers.
The agent reacts to events that have been configured beforehand, such as accessing a specific file or running specific commands. When a sysadmin or a hacker touches this file or runs this command, the Linux kernel sends an event to the agent, which stores it in the blockchain.
Once in the blockchain, no one can hide or remove his footprints.
The blockchain is distributed among a few sysadmins, making the footprints impossible for a single sysadmin to erase or modify!
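
The tamper-evidence idea described above, as an added example that is not Blockaudit's own code: each audit event is chained to the hash of the previous block, and copies held by several machines are compared. The block layout, the use of SHA-256, the majority comparison and all host and user names are assumptions made for illustration; the page does not describe Blockaudit's actual block format or consensus.

```python
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # "previous hash" of the first block

def block_hash(prev, event):
    data = json.dumps({"prev": prev, "event": event}, sort_keys=True)
    return hashlib.sha256(data.encode()).hexdigest()

def build(events):
    # Chain every event to the hash of the block before it.
    chain, prev = [], GENESIS
    for e in events:
        chain.append({"prev": prev, "event": dict(e), "hash": block_hash(prev, e)})
        prev = chain[-1]["hash"]
    return chain

def first_broken_block(chain):
    """Index of the first block with a bad hash or bad link, else None."""
    prev = GENESIS
    for i, b in enumerate(chain):
        if b["prev"] != prev or b["hash"] != block_hash(b["prev"], b["event"]):
            return i
        prev = b["hash"]
    return None

def head(chain):
    return (len(chain), chain[-1]["hash"] if chain else GENESIS)

def divergent_replicas(replicas):
    """Copies that are internally broken or disagree with the majority head."""
    majority = Counter(head(c) for c in replicas.values()).most_common(1)[0][0]
    return sorted(n for n, c in replicas.items()
                  if first_broken_block(c) is not None or head(c) != majority)

# Constructed sample events, as an agent might record them.
EVENTS = [
    {"host": "db01", "user": "alice", "action": "exec", "target": "/usr/bin/sudo"},
    {"host": "db01", "user": "mallory", "action": "open", "target": "/etc/shadow"},
    {"host": "db01", "user": "bob", "action": "exec", "target": "/usr/bin/passwd"},
]

def demo():
    edited = build(EVENTS)                     # event changed, hashes left alone
    edited[1]["event"]["user"] = "alice"
    rebuilt = build([EVENTS[0], EVENTS[2]])    # event erased, chain recomputed
    replicas = {"laptop-a": build(EVENTS), "laptop-b": rebuilt,
                "server-1": build(EVENTS), "server-2": build(EVENTS)}
    return first_broken_block(edited), first_broken_block(rebuilt), divergent_replicas(replicas)
```

An in-place edit breaks the chain at the edited block. A copy that was fully recomputed after deleting an event is internally consistent, so it is only caught because its head no longer matches the copies held by the other machines.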

Compatibility

  • Linux systems (Red Hat, Ubuntu, Debian, CentOS, …), depending on kernel version; minimum version 2.6.6
  • Cloud Infrastructures
  • Compatible with lightweight containers: the audit system installed on the parent host can audit VMs' activities