Config plugin in go-audit
rhonnava opened this issue · 1 comments
rhonnava commented
Currently, config is read from a file based on the --config command-line argument. For an environment where thousands of nodes are monitored using go-audit, these config files need to be pushed from an external tool like chef.
Here are a few thoughts I have:
- If configs are pulled in a scheduled interval, securely over HTTPS from a central fleet manager exposing config as a REST API, changes in audit configuration can be added and removed frequently and managed more easily.
- If an external plugin is used (https://golang.org/pkg/plugin/) to read configs, then any custom config plugins can be developed and used at runtime without disturbing the core part of the code.
I could send up a pull request if you like this idea.
nbrownus commented
I have a few thoughts:
- Restarting `go-audit` is generally a fast operation and has been good enough for us and others in the past when dealing with config change.
- You could tweak active audit rules using `auditctl` directly without restarting `go-audit` or changing `go-audit`'s configuration.
- `go-audit` uses viper for config parsing and has a way to watch config files for change. Reloading the active rules would be fairly simple, but a fully supported graceful reload would be more difficult, and restarting is already pretty fast.
- `viper` can read configuration from remote key/value stores like `consul` or `etcd`. We could expose that type of configuration source via the config file, but the above problem would remain.
Can you tell me a bit more about your use case and if any of these thoughts may help you solve some problems?