How to Build an Automated Security Compliance Auditing System with Django
This article introduces an open‑source security compliance auditing platform built with Django, MongoDB and Redis, detailing its architecture, data synchronization methods, configurable audit strategies, asset inventory, policy configuration, task scheduling, and provides deployment instructions and sample API usage for automating compliance checks across applications, databases and operating systems.
Project Introduction
In response to increasingly strict regulatory policies, enterprises need efficient security compliance solutions. This open‑source system automates compliance checks, controls implementation, and reporting, reducing repetitive manual audits and lowering operational costs.
Project Overview
1. Concept
The system inspects internal production systems for non‑compliant behavior, covering application systems, operating systems, and databases horizontally, and employee roles, operation logs, and deployment tickets vertically. Detected risks are reported for review.
2. Data Synchronization
Both pull and push mechanisms are supported. Pulling is performed via scheduled tasks, while push data is received through a REST endpoint. Asset lists are also synchronized by pulling.
Example request:
curl --location --request POST 'http://127.0.0.1:60010/api/audit/common_data/' \
--header 'Authorization: Token secret_key_example' \
--header 'Content-Type: application/json' \
--data-raw '{
"data_type": "UserRoleData",
"data": [{"bg_name": "ca_bg", "role": "test", "date": "2020-01-01", "user_details": [{"user":"123", "create_ts": 1580897321}]}]
}'
The API endpoint is api/audit/common_data, with field definitions in www/audit/utils.py. Data is persisted by the backend service business_bg_log_persistence.
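The push endpoint accepts JSON from other systems, so the payload should be validated before anything reaches the persistence service. The following is an added example, not code from the project: a standalone validator for the request shape shown in the curl sample (data_type, data, bg_name, role, date, user_details with user and create_ts). The allowlist of data types and the record limit are assumptions; the project's real field definitions live in www/audit/utils.py.

```python
import re
from datetime import datetime, timezone

# Assumption: the real allowlist lives in www/audit/utils.py; only UserRoleData
# appears in the article's sample request, so it is the only value accepted here.
ALLOWED_DATA_TYPES = {"UserRoleData"}
DATE_RE = re.compile(r"^\d{4}-\d{2}-\d{2}$")
MAX_RECORDS = 1000  # constructed cap to bound the size of a single push


def _check_user_detail(detail, path, errors):
    """Validate one {"user": ..., "create_ts": ...} entry, appending errors in place."""
    if not isinstance(detail, dict):
        errors.append(f"{path}: must be an object")
        return
    user = detail.get("user")
    if not isinstance(user, str) or not user:
        errors.append(f"{path}.user: non-empty string required")
    ts = detail.get("create_ts")
    # bool is a subclass of int in Python, so reject it explicitly
    if isinstance(ts, bool) or not isinstance(ts, int):
        errors.append(f"{path}.create_ts: integer unix timestamp required")
    elif not (0 < ts <= int(datetime.now(timezone.utc).timestamp()) + 300):
        errors.append(f"{path}.create_ts: timestamp out of range")


def validate_common_data(payload):
    """Return a list of validation errors for a push payload; an empty list means accept."""
    errors = []
    if not isinstance(payload, dict):
        return ["payload must be a JSON object"]
    data_type = payload.get("data_type")
    if data_type not in ALLOWED_DATA_TYPES:
        errors.append(f"data_type: unsupported value {data_type!r}")
    data = payload.get("data")
    if not isinstance(data, list):
        errors.append("data: list required")
        return errors
    if len(data) > MAX_RECORDS:
        errors.append(f"data: at most {MAX_RECORDS} records per push")
        return errors
    for i, rec in enumerate(data):
        path = f"data[{i}]"
        if not isinstance(rec, dict):
            errors.append(f"{path}: must be an object")
            continue
        for key in ("bg_name", "role"):
            if not isinstance(rec.get(key), str) or not rec.get(key):
                errors.append(f"{path}.{key}: non-empty string required")
        day = rec.get("date")
        if not isinstance(day, str) or not DATE_RE.match(day):
            errors.append(f"{path}.date: YYYY-MM-DD string required")
        else:
            try:
                datetime.strptime(day, "%Y-%m-%d")
            except ValueError:
                errors.append(f"{path}.date: not a calendar date")
        details = rec.get("user_details")
        if not isinstance(details, list):
            errors.append(f"{path}.user_details: list required")
            continue
        for j, d in enumerate(details):
            _check_user_detail(d, f"{path}.user_details[{j}]", errors)
    return errors


# Constructed sample payloads: the first mirrors the article's curl request,
# the second is deliberately malformed in several fields.
GOOD_PAYLOAD = {
    "data_type": "UserRoleData",
    "data": [{"bg_name": "ca_bg", "role": "test", "date": "2020-01-01",
              "user_details": [{"user": "123", "create_ts": 1580897321}]}],
}
BAD_PAYLOAD = {
    "data_type": "SomethingElse",
    "data": [{"bg_name": "", "role": "test", "date": "2020-13-01",
              "user_details": [{"user": "", "create_ts": "now"}]}],
}

if __name__ == "__main__":
    print("good:", validate_common_data(GOOD_PAYLOAD))
    for err in validate_common_data(BAD_PAYLOAD):
        print("bad:", err)
```

In a Django REST framework view this logic would sit in a serializer's `validate` method, after the token authentication shown in the curl header has already run; rejecting the whole push on any error keeps partially valid batches out of the persistence service.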
Backend Overview
1. Summary
The backend is built with Django, MongoDB, and Redis, exposing RESTful APIs via Django REST framework. The frontend uses iViewUI for UI components.
2. Asset Inventory
Assets include application back‑ends, database instances, and host operating systems. They form the foundation for compliance data collection.
3. Policy Configuration
Policy configuration consists of five sub‑sections:
Regular expression rules for log matching.
Policy atoms (regex matching, permission matrix, inactivity, role changes).
Policy groups that bundle atoms and define review cycles.
Non‑standard user management for irregular identifiers.
Reviewer management for assigning responsibility.
4. Tasks
Tasks are defined by combining business lines with policy groups, generating scheduled review tasks that produce audit reports.
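To make the policy model concrete, here is an added example (not the project's code) that implements the four policy atoms named above, a policy group that bundles them with a review cycle, and a task that binds a business line to the group and produces a report. The snapshot and log data are constructed; the field names follow the article's UserRoleData sample, and the atom names and `last_active` field are assumptions.

```python
import re
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed sample data for business line "ca_bg": two UserRoleData snapshots
# (user -> role and last activity) and a few operation log lines.
SNAPSHOT_OLD = {"123": {"role": "test", "last_active": date(2020, 1, 1)},
                "456": {"role": "dba", "last_active": date(2020, 2, 20)}}
SNAPSHOT_NEW = {"123": {"role": "admin", "last_active": date(2020, 1, 1)},
                "456": {"role": "dba", "last_active": date(2020, 2, 28)},
                "789": {"role": "test", "last_active": date(2020, 2, 27)}}
OP_LOGS = [
    "2020-02-28 10:01 user=456 action=SELECT table=orders",
    "2020-02-28 10:05 user=456 action=DROP TABLE table=orders_tmp",
    "2020-02-28 11:00 user=789 action=SELECT table=users",
]
REVIEW_DATE = date(2020, 3, 1)


@dataclass
class Finding:
    atom: str      # which policy atom raised it
    subject: str   # user id (or raw line when no user is captured)
    detail: str


class RegexAtom:
    """Regex matching: flag operation-log lines that match a configured rule."""
    def __init__(self, name, pattern):
        self.name, self.rx = name, re.compile(pattern)

    def run(self, ctx):
        out = []
        for line in ctx["logs"]:
            m = self.rx.search(line)
            if m:
                out.append(Finding(self.name, m.groupdict().get("user", line), line))
        return out


class PermissionMatrixAtom:
    """Permission matrix: flag users holding a role not allowed for the business line."""
    def __init__(self, name, allowed):
        self.name, self.allowed = name, allowed  # {bg: set(roles)}

    def run(self, ctx):
        ok = self.allowed.get(ctx["bg"], set())
        return [Finding(self.name, u, f"role {r['role']!r} not in {sorted(ok)}")
                for u, r in ctx["new"].items() if r["role"] not in ok]


class InactivityAtom:
    """Inactivity: flag accounts idle longer than max_idle_days at review time."""
    def __init__(self, name, max_idle_days):
        self.name, self.max_idle_days = name, max_idle_days

    def run(self, ctx):
        limit = ctx["review_date"] - timedelta(days=self.max_idle_days)
        return [Finding(self.name, u, f"last active {r['last_active']}")
                for u, r in ctx["new"].items() if r["last_active"] < limit]


class RoleChangeAtom:
    """Role changes: diff the previous and current snapshots per user."""
    def __init__(self, name):
        self.name = name

    def run(self, ctx):
        out = []
        for u, r in ctx["new"].items():
            old = ctx["old"].get(u)
            if old is None:
                out.append(Finding(self.name, u, f"new user with role {r['role']!r}"))
            elif old["role"] != r["role"]:
                out.append(Finding(self.name, u, f"role {old['role']!r} -> {r['role']!r}"))
        return out


@dataclass
class PolicyGroup:
    name: str
    review_cycle_days: int
    atoms: list

    def review(self, ctx):
        return [f for atom in self.atoms for f in atom.run(ctx)]


@dataclass
class Task:
    """A business line combined with a policy group; run() yields one audit report."""
    bg: str
    group: PolicyGroup

    def run(self, ctx):
        findings = self.group.review({**ctx, "bg": self.bg})
        return {"bg": self.bg, "group": self.group.name,
                "review_date": ctx["review_date"],
                "next_review": ctx["review_date"] + timedelta(days=self.group.review_cycle_days),
                "findings": findings}


def run_ca_bg_review():
    group = PolicyGroup("db-access-monthly", 30, [
        RegexAtom("drop-table", r"user=(?P<user>\d+) action=DROP TABLE"),
        PermissionMatrixAtom("permission-matrix", {"ca_bg": {"test", "dba"}}),
        InactivityAtom("inactive-30d", 30),
        RoleChangeAtom("role-change"),
    ])
    ctx = {"old": SNAPSHOT_OLD, "new": SNAPSHOT_NEW, "logs": OP_LOGS, "review_date": REVIEW_DATE}
    return Task("ca_bg", group).run(ctx)


if __name__ == "__main__":
    report = run_ca_bg_review()
    for f in report["findings"]:
        print(f"[{f.atom}] {f.subject}: {f.detail}")
    print("next review:", report["next_review"])
```

Each atom only reads the shared context and returns findings, so new atom types can be added without touching the group or task code; the scheduler in the real system would persist the report and queue the task again at `next_review`.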
5. Knowledge Base & Workbench
The knowledge base stores legal and internal compliance references. The workbench tracks privacy compliance and pending items.
Quick Start
The project follows a front‑back separation architecture: backend uses Django + Mongo + Redis, frontend uses iViewUI, communication via REST APIs.
Technology stack:
mongo + redis + nginx + python3.6 + iViewUI (node v13.5.0)
Rapid deployment (Docker recommended):
# Ensure port 60010 is free
chmod +x run.sh
./run.sh
# Access the application at http://127.0.0.1:60010/
# Admin credentials: user=admin, password=admin
# Auditor credentials: user=auditor, password=auditor
The default admin and auditor passwords above should be changed before the service is reachable from anywhere other than the local machine.
Programmer DD
A tinkering programmer and author of "Spring Cloud Microservices in Action"