A Docker-based security monitoring tool designed to detect and log privileged access attempts, specifically addressing insider threat scenarios in Nigerian financial institutions.
Recent cybersecurity reports from Nigeria reveal sophisticated attacks on financial institutions where insider collaboration enables external threat actors:
- The EFCC has recovered over N20 billion from coordinated cyberattacks targeting Nigerian banks
- Rogue bank employees are intentionally granting access to external hacker networks
- Attacks are coming from regions including Eastern Europe and the United States
- This has been declared a threat to national financial stability
This tool provides a practical solution for monitoring privileged access and creating immutable audit trails.
- Real-time Access Logging - Captures every access with timestamp and source IP
- Docker Isolation - Runs in a container, preventing tampering by insiders
- JSON Audit Trail - Creates structured, machine-readable logs
- Security Headers - Implements security best practices
- Health Monitoring - Built-in health checks for production
- Web Log Viewer - Optional component to view logs in browser
- Docker Desktop (free from docker.com)
- 1GB RAM minimum
- Basic understanding of command line
```bash
git clone https://github.com/toye-cyberlabs/docker-privileged-access-auditor.git
cd docker-privileged-access-auditor
docker-compose up -d
```

Open your browser to: http://localhost:8888

You should see: "Access Audit System"
```bash
# See real-time logs
docker logs privileged-access-auditor

# Or view the JSON log file
cat logs/audit.log
```

Docker packages your application with everything it needs to run. Think of it like a shipping container:
| Concept | Analogy | In This Project |
|---|---|---|
| Image | Blueprint/Recipe | The Dockerfile defines how to build our auditor |
| Container | The actual shipping container | A running instance of our audit tool |
| Docker Hub | Shipping port/warehouse | Where we get base images like Python |
| Volume | Storage container | Where we save logs persistently |
| Network | Shipping routes | How containers communicate |
- Isolation - The auditor runs in its own environment. A compromised host can't easily disable it
- Immutability - The container is rebuilt from scratch, ensuring consistency
- Portability - Runs the same on your laptop, a server, or in the cloud
```text
┌─────────────────────────────────────────────────┐
│ Your Computer (Docker Host)                     │
│                                                 │
│  ┌──────────────────┐   ┌──────────────────┐    │
│  │     Auditor      │   │    Log Viewer    │    │
│  │    Container     │   │    Container     │    │
│  │                  │   │                  │    │
│  │    Python App    │   │    Nginx Web     │    │
│  │    Port: 8080    │   │    Server        │    │
│  └────────┬─────────┘   │    Port: 80      │    │
│           │             └────────┬─────────┘    │
│           │                      │              │
│           ▼                      ▼              │
│  ┌─────────────────────────────────────────┐    │
│  │      Shared Volume: ./logs              │    │
│  │      (Persistent Storage)               │    │
│  └─────────────────────────────────────────┘    │
│                                                 │
│  Your Browser → localhost:8888 → Auditor        │
│  Your Browser → localhost:8889 → Log Viewer     │
└─────────────────────────────────────────────────┘
```
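As an added illustration of what the Auditor container's Python app does (this is example code written for this README, not the project's own source), the block below records every request as a JSON line with timestamp and source IP on the shared `./logs` volume, marks write-style requests with the `⚠️` marker so the `docker logs ... | grep` check finds them, sets a few security headers, and answers `/health` for the Docker health check. The field names, the flagging rule (any POST/PUT/DELETE or any request body counts as a privileged access), the exact headers and the `logs/audit.log` path are assumptions.

```python
# Added example of an audit logger in the style of the Auditor container.
# NOT the project's own code: field names, flagging rule, headers and the
# log path are assumptions made for this illustration.
import json
import os
import datetime
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Dict, List

WARNING_MARK = "⚠️"                 # marker that `grep "⚠️"` looks for
AUDIT_LOG_PATH = "logs/audit.log"   # file on the shared volume (assumed name)


def build_audit_record(method: str, path: str, client_ip: str, body: bytes) -> Dict:
    """One JSON-serialisable audit record per request.
    Assumption: write methods or any request body count as privileged access."""
    flagged = method in ("POST", "PUT", "DELETE") or len(body) > 0
    return {
        "timestamp": datetime.datetime.now(datetime.timezone.utc).isoformat(),
        "source_ip": client_ip,
        "method": method,
        "path": path,
        "body_bytes": len(body),
        "flagged": flagged,
        "marker": WARNING_MARK if flagged else "",
    }


def security_headers() -> Dict[str, str]:
    """Headers sent on every response (an assumed, minimal set)."""
    return {
        "X-Content-Type-Options": "nosniff",
        "X-Frame-Options": "DENY",
        "Content-Security-Policy": "default-src 'none'",
        "Cache-Control": "no-store",
    }


def find_flagged(log_lines: List[str]) -> List[Dict]:
    """Equivalent of grepping the JSON-lines log for the marker: returns the
    flagged records and skips blank or corrupted lines instead of crashing."""
    hits = []
    for line in log_lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # a partial or tampered line must not break the viewer
        if rec.get("flagged"):
            hits.append(rec)
    return hits


class AuditHandler(BaseHTTPRequestHandler):
    def _handle(self):
        length = int(self.headers.get("Content-Length") or 0)
        body = self.rfile.read(length) if length else b""
        if self.path == "/health":  # endpoint for the Docker health check
            self._respond(200, b"ok")
            return
        record = build_audit_record(self.command, self.path, self.client_address[0], body)
        # ensure_ascii=False keeps the marker literal so `grep "⚠️"` matches it
        with open(AUDIT_LOG_PATH, "a", encoding="utf-8") as fh:
            fh.write(json.dumps(record, ensure_ascii=False) + "\n")
        self._respond(200, b"Access Audit System")

    def _respond(self, status: int, payload: bytes):
        self.send_response(status)
        for name, value in security_headers().items():
            self.send_header(name, value)
        self.send_header("Content-Type", "text/plain; charset=utf-8")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    do_GET = _handle
    do_POST = _handle
    do_PUT = _handle
    do_DELETE = _handle


if __name__ == "__main__":
    os.makedirs("logs", exist_ok=True)
    HTTPServer(("0.0.0.0", 8080), AuditHandler).serve_forever()  # port from the diagram
```

Run it on the host or inside a container, then issue the `curl` commands from the testing section: the GET produces an unflagged record, the POST with `customer_data=leaked` produces a record carrying the `⚠️` marker that `grep` picks out of the log.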
```bash
curl http://localhost:8888
curl -X POST http://localhost:8888 -d "customer_data=leaked"
docker logs privileged-access-auditor | grep "⚠️"
```

This tool demonstrates security controls required for:
| Standard | Requirement |
|---|---|
| PCI DSS | Requirement 10: Track and monitor all access |
| ISO 27001 | A.12.4: Logging and monitoring |
| NIST 800-53 | AU family: Audit and accountability |
| NITDA Guidelines | Nigerian cybersecurity framework |
Contributions are welcome! Please:
- Fork the repository
- Create a feature branch
- Submit a pull request
MIT License - Free for educational and commercial use
This tool is for authorized security testing and educational purposes only. Users are responsible for complying with all applicable laws.
- GitHub: @toye-cyberlabs
- LinkedIn: https://www.linkedin.com/in/adewale-adetoye-elemoro-662b44299
- Twitter: @AdetoyeElemoro
- Nigerian EFCC for highlighting insider threat challenges
- Docker community for excellent documentation
- Security researchers protecting financial infrastructure
