Basically, make it quick and easy to get information to support audits.
You can build audithelper just by cloning, installing dependencies and running go build. If you want to just run from source, you can just clone then run go run main.go <platform> which is fine for some folks.
If you want to get a prebuilt release version, you can get it from here for your platform.
You can use audithelper to audit github, aws or google apps. To do so, you
need to set up access. The following sections show how to set up access and run for each different platform. In principle, it is just audithelper <platform>.
To get a GitHub OAuth token, use these instructions
Once you have a token, you can put it in a .audithelper.yaml file in your home directory. Note that the github token should be treated as a secret and handled accordingly.
In other words, your ~/.audithelper.yaml file might look like this:
github-token: b4a9b....
github-org: Jemuraiaudithelper github --github-org Jemurai
You get a list of repositories with metadata for any user associated with your organization. The use case is that you want to ensure that the repos your team has, and that are public, are as intended.
The idea would be that you cross check the users with your organizational user list and then make sure the repos have the correct visibility.
We recommend using the excellent aws-vault library from 99 Designs to run any AWS tasks.
Based on a combination of aws-vault and ~/.aws/config profiles, when we run with the AWS command shown below, the process takes all of the information from the environment and we don't need to pass further information.
Generally, we are reading out of the AWS account so you'll want to run with ReadOnly or SecurityAudit privileges.
See this documentation on how to set up STS assume role.
aws-vault exec jemurai-mkonda -- audithelper aws
What audithelper does with AWS is:
- List users and basic information to be able to see change over time.
Based on these instructions we need to:
-
Create client credentials: click on enable Directory API, then Download Client Configuration and place that in a file (credentials.json) in the directory you plan to run audithelper from.
-
When initially running audithelper, a browser window will launch. Click through the web prompt to allow google to issue you an OAuth2 token.
Note that the credentials.json file should be treated as a secret and handled accordingly.
TODO THIS IS NOT EVEN STARTED
https://github.com/mhoc/msgoraph https://github.com/Azure/azure-sdk-for-go
Background:
- https://developers.google.com/admin-sdk/reports/v1/quickstart/go
- https://developers.google.com/drive/api/v3/enable-drive-api
- https://developers.google.com/admin-sdk/reports/v1/guides/prerequisites
- https://developers.google.com/drive/api/v3/about-changelogs
To set up google file sharing auditing, you will need to enable the Admin SDK and provide an OAuth scope for reading admin reports (admin.AdminReportsAuditReadonlyScope). We also have the tool set up to ask for Drive metadata read because we anticipate wanting that information available as well (drive.DriveMetadataReadonlyScope).
You will need to download the credentials.json and name drivecredentials.json in a directory local to audithelper. Then you can run:
go run audithelper.go googledriveYou should be prompted to click through the OAuth flow in a web browser and capture a token, which will then be written to a drivetoken.json file. Once you're done that, you will be able to see the files changed, by whom, when and who was granted access.
Something like this:
24 Feb 20 20:12 UTC: [email protected] File: "Status Update 2.24.20" shared_internally With: [email protected] 218.171.219.84