This repository is a training ground for Linux/systems foundations.
Current task: build projects/linux-auth-observe as a small, deterministic mini-lab.
- Keep changes limited to:
  - projects/linux-auth-observe/**
  - notes/**
  - .codex/**
  - root README.md only if needed for a short index entry
- Do not create unrelated projects.
- Do not introduce network services, web UI, or cloud dependencies.
- Do not parse audit.log in v0.1.
- Prefer Python stdlib for v0.1.
- Use simple, reviewable code.
- Fail closed on malformed records when appropriate, but keep batch processing resilient.
- Preserve raw line/message in normalized output for evidence traceability.
- Add pytest coverage for parsing, filtering, and summary generation.
- Keep sample logs sanitized and obviously non-sensitive.
- JSONL normalization
- CLI filters by user / IP / service / time window
- Markdown summary report
- Notes:
  - notes/journald-syslog-basics.md
  - notes/auth-event-schema.md
- No real-time tailing
- No auditd parser
- No database
- No LLM features
- No packaging/publishing workflow yet
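A stdlib-only sketch of the normalize / filter / JSONL pieces listed above, added here as an illustration and not code from the linux-auth-observe project; the sample lines, field names and regexes are assumptions, and the hosts and IPs are placeholders from documentation ranges.

```python
import json
import re
from datetime import datetime

# Constructed sample lines (journalctl -o short-iso / syslog style), not taken from the repository;
# the host name and IPs are placeholders from documentation ranges.
SAMPLE_LINES = [
    "2024-05-01T10:00:01+00:00 lab sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2",
    "2024-05-01T10:00:05+00:00 lab sshd[812]: Accepted publickey for alice from 198.51.100.4 port 50022 ssh2",
    "not a log line at all",
]

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<service>[\w.-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
SSHD_RE = re.compile(r"^(?P<outcome>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?"
                     r"(?P<user>\S+) from (?P<src_ip>\S+) port \d+")

def normalize(line):
    """One syslog line -> normalized dict, or None if malformed (fail closed for this record only)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.fromisoformat(m["ts"])
    except ValueError:
        return None  # unparsable timestamp: reject the record rather than guess
    rec = {"ts": ts.isoformat(), "host": m["host"], "service": m["service"],
           "user": None, "src_ip": None, "outcome": None, "raw": line}  # raw kept for evidence traceability
    s = SSHD_RE.match(m["msg"]) if m["service"] == "sshd" else None
    if s:
        rec.update(user=s["user"], src_ip=s["src_ip"], outcome=s["outcome"].lower())
    return rec

def normalize_batch(lines):
    """Batch stays resilient: malformed lines are returned separately instead of aborting the run."""
    recs = [(line, normalize(line)) for line in lines]
    return [r for _, r in recs if r], [line for line, r in recs if r is None]

def select(records, user=None, src_ip=None, service=None, start=None, end=None):
    """Filter like the planned CLI flags: user / source IP / service / ISO-8601 time window (inclusive)."""
    lo = datetime.fromisoformat(start) if start else None
    hi = datetime.fromisoformat(end) if end else None
    def keep(r):
        ts = datetime.fromisoformat(r["ts"])
        return ((user is None or r["user"] == user) and (src_ip is None or r["src_ip"] == src_ip)
                and (service is None or r["service"] == service)
                and (lo is None or ts >= lo) and (hi is None or ts <= hi))
    return [r for r in records if keep(r)]

def to_jsonl(records):
    return "".join(json.dumps(r, sort_keys=True) + "\n" for r in records)  # sorted keys keep output deterministic
```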