mariadb grafana lynis

Markus Bergholz d43e2e1892 Update 'README.md'		4 months ago
grafana	add ansible playbook to deploy lynis grafana dashboard draft	4 months ago
Dockerfile	use multistage and a non-root user	4 months ago
LICENSE	add license file	4 months ago
Makefile	add openssl to generate self-signed on request, add '/' route	4 months ago
README.md	Update 'README.md'	4 months ago
lynis-report-converter.pl	add licence and comment to source	4 months ago
lynis_grafana.png	update screenshot	4 months ago
main.py	add 3rd view	4 months ago
prod.sh	write key to /tmp	4 months ago

README.md

lynis-bridge

Accept lynis-report.dat files (upload), transform it into json and put it into a mariadb to visualize the result with grafana.

docker deployment

env	default value
`DATABASE_HOST`	`mariadb`
`DATABASE_USER`	`lynis`
`DATABASE_PASSWORD`	`lynis`
`DATABASE`	`lynis`
`SSL`	value does not matter, if set, https is enabled

When the env variable SSL is set, the container looks for /tmp/key.pem and /tmp/key.cert.
When they are not found, it will generate a self signed certificate on the fly.

Gunicorn is started with 5 worker processes.

client notes

When using lynis-cron, you can post the result to your lynis-bridge with curl (yes, the user-agent must be set to lynis-bridge, otherwise the lynis-bridge will response http code 403).

curl -A "lynis-bridge" -F data=@lynis-report.dat http://<lynis-bridge>:8080/upload

database

Currently only Mariadb >= 10.3 is supported.
The table reports is using WITH SYSTEM VERSIONING. So you got a report history about your hosts.
You just need to query them ;)

When /opt/mariadb.pem is given, lynis-bridge will use encrypted in transit using the Transport Layer Security (TLS) protocol to the mariadb host.

credits.

lynis-report-converter.pl is taken from https://github.com/d4t4king/lynis-report-converter

SCM

host	category
https://git.osuv.de/m/lynis-bridge	origin
https://gitlab.com/markuman/lynis-bridge	pull mirror
https://github.com/markuman/lynis-bridge	push mirror