advertisement

In our continued journey to secure ROS2-based robotic projects, we have already implemented several critical security measures. We started with a fresh installation, configured SROS2 for secure ROS communications, enabled AppArmor and Auditd, configured a firewall, and deployed Suricata for network monitoring. While AppArmor, Auditd, and Suricata help define rules and profiles to protect and monitor a system, this article focuses on delving into Auditd, a powerful auditing framework that not only monitors but provides invaluable insights into system activities. 📚 Table of contents - What is audited? - Why use Auditd in robotics projects? - Auditd and robots: real world use cases - How Auditd works: practical examples - Monitoring of ROS2 Code and Development Environments - Review audit logs efficiently - Conclusion 🔍 What is Audited? audited is a Linux security audit daemon that monitors and logs critical system events, including user activities, process executions, file system accesses, and some network-related actions. ⚠️ Important: Auditd does not prevent events: it records them and reports them for later review. In a robotics context, where systems comprise multiple interconnected devices (from cameras and sensors to motor controllers), it is challenging to define strict access controls without disrupting functionality. Auditd helps close this gap by providing detailed reports on interactions across device boundaries, allowing teams to make informed security decisions. 📌 Auditd Key Capabilities: - Monitors file system actions (read, write, execute, attribute changes). - Tracks user activities (logins, privilege escalations, command executions). - Capture process actions (process creation, executive calls). - Observe network-related system calls (e.g. connect() ,bind() ), but it is not a network traffic analysis tool like Suricata. - Maintains detailed records in /var/log/audit/audit.log . - Integrates with search ,aureport , and auditctl for efficient analysis and rule management. 🤖 Why use Auditd in robotics projects? Security debates often focus on two approaches: - Deny access: more secure, but can hinder business development and operations. - Monitor and Audit: Allows freedom during development but requires surveillance. Auditd strikes a balance by allowing passive monitoring during development. Rules can be created to monitor who and what accesses sensitive areas. Then, as the project moves into production, these passive rules can be converted into policies enforced using tools like AppArmor, SELinux, or Suricata. This approach is particularly useful for robotics, where interconnected devices and unpredictable interactions make strict deny policies impractical during the early stages. 🤖 Auditd and robots: real world use cases In robotics, multiple subsystems interact seamlessly: cameras send data to artificial intelligence processors, controllers issue motor commands, and various sensors provide environmental feedback. But how do you ensure that those communications are legitimate? Did the wheel control signal originate from the robot controller or from a compromised driver? By integrating auditd During the development phase, you can monitor process events and establish behavioral baselines. These baselines help you define acceptable interactions, which can then be applied to block anything outside of expected behavior. ⚙️ How Auditd works: practical examples Let's create a simple auditee rule to monitor when colcon , the ROS2 build tool is run. -w /usr/bin/colcon -p x -k colcon_exec 📖 Rules Breakdown 📝 ROS2 code monitoring and development environments Auditd can also help protect your codebase. Here's how you can monitor access attempts to ROS2 project files by unauthorized users: ############################################################ # 🚀 ROS Environment and

advertisement

advertisement