Annotate

mod_audit/mod_audit.lua @ 5549:01a0b67a9afd

mod_http_oauth2: Add TODO about disabling password grant

Per recommendation in draft-ietf-oauth-security-topics-23 it should at the very least be disabled by default.

However since this is used by the Snikket web portal some care needs to be taken not to break this, unless it's already broken by other changes to this module.
author Kim Alvefur <zash@zash.se>
date Fri, 16 Jun 2023 00:06:53 +0200
parent 5351:c35f3c1762b5
child 5728:9bbf5b0673a2
Changesets annotated on the lines below:

rev   changeset     description (author; parents)
4932  530d116b7f68  mod_audit*: modules for audit logging in prosody (Jonas Schäfer <jonas@wielicki.name>; parents: none listed)
4933  08dea42a302a  mod_audit*: fix luacheck warnings (Jonas Schäfer <jonas@wielicki.name>; parents: 4932)
4934  ae83200fb55f  mod_audit: make the extension of the module API less of a hack (Jonas Schäfer <jonas@wielicki.name>; parents: 4933)
5115  4a5837591380  mod_audit: remove event hook (Jonas Schäfer <jonas@wielicki.name>; parents: 4934)
5250  d9577083c5f5  mod_audit: Include client id in audit log entries (if known) (Matthew Wild <mwild1@gmail.com>; parents: 5115)
5251  f3123cbbd894  mod_audit: Allow disabling IP logging, or limiting it to a prefix (Matthew Wild <mwild1@gmail.com>; parents: 5250)
5298  12f7d8b901e0  mod_audit: Support for adding location (GeoIP) to audit events (Matthew Wild <mwild1@gmail.com>; parents: 5251)
5299  e3a3a6c86a9f  mod_audit: Add a command to print the audit log on the command-line (Matthew Wild <mwild1@gmail.com>; parents: 5298)
5318  c5ecfb06afde  mod_audit: Minor style nit (Matthew Wild <mwild1@gmail.com>; parents: 5317)
5321  d02f465e2aff  mod_audit: Fix iteration of custom payloads to use ipairs (Matthew Wild <mwild1@gmail.com>; parents: 5319)
5326  dc058fcc3fe3  mod_audit: Improve filtering options and add documentation to README (Matthew Wild <mwild1@gmail.com>; parents: 5325)
5331  e00e3e2c72a3  mod_audit: Add expiration of entries, and handling of full archive stores (Matthew Wild <mwild1@gmail.com>; parents: 5327)
5351  c35f3c1762b5  mod_audit: Move underscore to avoid luacheck warning (Kim Alvefur <zash@zash.se>; parents: 5331)

source

-- Loaded once globally; audit stores are opened per host (see get_store).
module:set_global();

local time_now = os.time;
local parse_duration = require "util.human.io".parse_duration;
local ip = require "util.ip";
local st = require "util.stanza";
local moduleapi = require "core.moduleapi";

-- Key under which host-wide events (no user given) are stored.
local host_wide_user = "@";

-- Retention period for audit entries; "never" disables expiry.
local cleanup_after = module:get_option_string("audit_log_expires_after", "28d");
if cleanup_after == "never" then
	cleanup_after = nil;
else
	cleanup_after = parse_duration(cleanup_after);
end

-- IP logging can be switched off, or limited to a network prefix of the given length.
local attach_ips = module:get_option_boolean("audit_log_ips", true);
local attach_ipv4_prefix = module:get_option_number("audit_log_ipv4_prefix", nil);
local attach_ipv6_prefix = module:get_option_number("audit_log_ipv6_prefix", nil);

-- Country lookup is only available when the geoip.country library can be loaded.
local have_geoip, geoip = pcall(require, "geoip.country");
local attach_location = have_geoip and module:get_option_boolean("audit_log_location", true);

local geoip4_country, geoip6_country;
if have_geoip and attach_location then
	geoip4_country = geoip.open(module:get_option_string("geoip_ipv4_country", "/usr/share/GeoIP/GeoIP.dat"));
	geoip6_country = geoip.open(module:get_option_string("geoip_ipv6_country", "/usr/share/GeoIP/GeoIPv6.dat"));
end


-- Per-host archive stores, opened on first access through the __index metamethod.
local stores = {};

local function get_store(self, host)
	local store = rawget(self, host);
	if store then
		return store
	end
	store = module:context(host):open_store("audit", "archive");
	rawset(self, host, store);
	return store;
end

setmetatable(stores, { __index = get_store });

-- Delete entries older than the retention period.
-- Returns nothing on failure, otherwise whether entries were (or may have been) removed.
local function prune_audit_log(host)
	local before = os.time() - cleanup_after;
	module:context(host):log("debug", "Pruning audit log for entries older than %s", os.date("%Y-%m-%d %R:%S", before));
	local ok, err = stores[host]:delete(nil, { ["end"] = before });
	if not ok then
		module:context(host):log("error", "Unable to prune audit log: %s", err);
		return;
	end
	local sum = tonumber(ok);
	if sum then
		module:context(host):log("debug", "Pruned %d expired audit log entries", sum);
		return sum > 0;
	end
	module:context(host):log("debug", "Pruned expired audit log entries");
	return true;
end

-- Reduce an address to "network/prefix" using the configured prefix length for
-- its address family; returns nil when no prefix is configured for that family.
local function get_ip_network(ip_addr)
	local _ip = ip.new_ip(ip_addr);
	local proto = _ip.proto;
	local network;
	if proto == "IPv4" and attach_ipv4_prefix then
		network = ip.truncate(_ip, attach_ipv4_prefix).normal.."/"..attach_ipv4_prefix;
	elseif proto == "IPv6" and attach_ipv6_prefix then
		network = ip.truncate(_ip, attach_ipv6_prefix).normal.."/"..attach_ipv6_prefix;
	end
	return network;
end

-- Build the <session/> child that records the session behind an event.
local function session_extra(session)
	local attr = {
		xmlns = "xmpp:prosody.im/audit",
	};
	if session.id then
		attr.id = session.id;
	end
	if session.type then
		attr.type = session.type;
	end
	local stanza = st.stanza("session", attr);
	if attach_ips and session.ip then
		local remote_ip, network = session.ip;
		if attach_ipv4_prefix or attach_ipv6_prefix then
			network = get_ip_network(remote_ip);
		end
		-- Store the truncated network when one was computed, else the full address.
		stanza:text_tag("remote-ip", network or remote_ip);
	end
	if attach_location and session.ip then
		local remote_ip = ip.new_ip(session.ip);
		-- Use the database that matches the address family of the session.
		local geoip_country = remote_ip.proto == "IPv6" and geoip6_country or geoip4_country;
		stanza:tag("location", {
			country = geoip_country:query_by_addr(remote_ip.normal);
		}):up();
	end
	if session.client_id then
		stanza:text_tag("client", session.client_id);
	end
	return stanza
end

-- Build an <audit-event/> stanza and append it to the host's audit store.
local function audit(host, user, source, event_type, extra)
	if not host or host == "*" then
		error("cannot log audit events for global");
	end
	local user_key = user or host_wide_user;

	local attr = {
		["source"] = source,
		["type"] = event_type,
	};
	if user_key ~= host_wide_user then
		attr.user = user_key;
	end
	local stanza = st.stanza("audit-event", attr);
	if extra then
		if extra.session then
			local child = session_extra(extra.session);
			if child then
				stanza:add_child(child);
			end
		end
		if extra.custom then
			for _, child in ipairs(extra.custom) do
				if not st.is_stanza(child) then
					error("all extra.custom items must be stanzas")
				end
				stanza:add_child(child);
			end
		end
	end

	local store = stores[host];
	local id, err = store:append(nil, nil, stanza, extra and extra.timestamp or time_now(), user_key);
	if not id then
		-- Store is full: first expire old entries, then fall back to truncating
		-- the store to 99% of its quota, retrying the append after each step.
		if err == "quota-limit" then
			local limit = store.caps and store.caps.quota or 1000;
			local truncate_to = math.floor(limit * 0.99);
			if type(cleanup_after) == "number" then
				module:log("debug", "Audit log has reached quota - forcing prune");
				if prune_audit_log(host) then
					-- Retry append
					id, err = store:append(nil, nil, stanza, extra and extra.timestamp or time_now(), user_key);
				end
			end
			if not id and (store.caps and store.caps.truncate) then
				module:log("debug", "Audit log has reached quota - truncating");
				local truncated = store:delete(nil, {
					truncate = truncate_to;
				});
				if truncated then
					-- Retry append
					id, err = store:append(nil, nil, stanza, extra and extra.timestamp or time_now(), user_key);
				end
			end
		end
		if not id then
			module:log("error", "Failed to persist audit event: %s", err);
			return;
		end
	else
		module:log("debug", "Persisted audit event %s as %s", stanza:top_tag(), id);
	end
end

-- Exposed to other modules as module:audit(user, event_type, extra);
-- the source is recorded as "mod_" plus the calling module's name.
function moduleapi.audit(module, user, event_type, extra)
	audit(module.host, user, "mod_" .. module:get_name(), event_type, extra);
end

-- Command-line entry point: prune the audit log or print its events.
function module.command(arg_)
	local jid = require "util.jid";
	local arg = require "util.argparse".parse(arg_, {
		value_params = { "limit" };
	});

	-- Debug output: dumps the parsed arguments.
	for k, v in pairs(arg) do print("U", k, v) end
	local query_user, host = jid.prepped_split(arg[1]);

	if arg.prune then
		local sm = require "core.storagemanager";
		if host then
			sm.initialize_host(host);
			prune_audit_log(host);
		else
			-- No host given: prune the audit log of every configured host.
			for _host in pairs(prosody.hosts) do
				sm.initialize_host(_host);
				prune_audit_log(_host);
			end
		end
		return;
	end

	if not host then
		print("EE: Please supply the host for which you want to show events");
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
199 return 1;
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
200 elseif not prosody.hosts[host] then
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
201 print("EE: Unknown host: "..host);
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
202 return 1;
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
203 end
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
204
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
205 require "core.storagemanager".initialize_host(host);
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
206 local store = stores[host];
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
207 local c = 0;
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
208
5326
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
209 if arg.global then
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
210 if query_user then
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
211 print("WW: Specifying a user account is incompatible with --global. Showing only global events.");
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
212 end
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
213 query_user = "@";
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
214 end
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
215
5299
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
216 local results, err = store:find(nil, {
5326
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
217 with = query_user;
5299
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
218 limit = arg.limit and tonumber(arg.limit) or nil;
5319
5043108b14f4 mod_audit: Display most recent entries first, rather than showing oldest
Matthew Wild <mwild1@gmail.com>
parents: 5318
diff changeset
219 reverse = true;
5299
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
220 })
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
221 if not results then
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
222 print("EE: Failed to query audit log: "..tostring(err));
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
223 return 1;
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
224 end
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
225
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
226 local colspec = {
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
227 { title = "Date", key = "when", width = 19, mapper = function (when) return os.date("%Y-%m-%d %R:%S", when); end };
5322
eb832553d635 mod_audit: Use proportional columns in table output
Matthew Wild <mwild1@gmail.com>
parents: 5321
diff changeset
228 { title = "Source", key = "source", width = "2p" };
eb832553d635 mod_audit: Use proportional columns in table output
Matthew Wild <mwild1@gmail.com>
parents: 5321
diff changeset
229 { title = "Event", key = "event_type", width = "2p" };
5299
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
230 };
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
231
5326
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
232 if arg.show_user ~= false and (not arg.global and not query_user) or arg.show_user then
5299
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
233 table.insert(colspec, {
5322
eb832553d635 mod_audit: Use proportional columns in table output
Matthew Wild <mwild1@gmail.com>
parents: 5321
diff changeset
234 title = "User", key = "username", width = "2p",
5299
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
235 mapper = function (user)
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
236 if user == "@" then return ""; end
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
237 if user:sub(-#host-1, -1) == ("@"..host) then
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
238 return (user:gsub("@.+$", ""));
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
239 end
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
240 end;
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
241 });
5325
11b37063d80a mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents: 5323
diff changeset
242 end
5326
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
243 if arg.show_ip ~= false and (not arg.global and attach_ips) or arg.show_ip then
5325
11b37063d80a mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents: 5323
diff changeset
244 table.insert(colspec, {
11b37063d80a mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents: 5323
diff changeset
245 title = "IP", key = "ip", width = "2p";
11b37063d80a mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents: 5323
diff changeset
246 });
11b37063d80a mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents: 5323
diff changeset
247 end
5326
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
248 if arg.show_location ~= false and (not arg.global and attach_location) or arg.show_location then
5325
11b37063d80a mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents: 5323
diff changeset
249 table.insert(colspec, {
11b37063d80a mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents: 5323
diff changeset
250 title = "Location", key = "location", width = 2; -- key must match the "location" field passed to row()
11b37063d80a mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents: 5323
diff changeset
251 });
5299
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
252 end
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
253
5327
7e3862a26e55 mod_audit: Add 'note' column
Matthew Wild <mwild1@gmail.com>
parents: 5326
diff changeset
254 if arg.show_note then
7e3862a26e55 mod_audit: Add 'note' column
Matthew Wild <mwild1@gmail.com>
parents: 5326
diff changeset
255 table.insert(colspec, {
7e3862a26e55 mod_audit: Add 'note' column
Matthew Wild <mwild1@gmail.com>
parents: 5326
diff changeset
256 title = "Note", key = "note", width = "2p";
7e3862a26e55 mod_audit: Add 'note' column
Matthew Wild <mwild1@gmail.com>
parents: 5326
diff changeset
257 });
7e3862a26e55 mod_audit: Add 'note' column
Matthew Wild <mwild1@gmail.com>
parents: 5326
diff changeset
258 end
7e3862a26e55 mod_audit: Add 'note' column
Matthew Wild <mwild1@gmail.com>
parents: 5326
diff changeset
259
5323
400ffa842576 mod_audit: Let util.human.io pick a suitable default width
Matthew Wild <mwild1@gmail.com>
parents: 5322
diff changeset
260 local row, width = require "util.human.io".table(colspec);
5299
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
261
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
262 print(string.rep("-", width));
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
263 print(row());
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
264 print(string.rep("-", width));
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
265 for _, entry, when, user in results do
5326
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
266 if arg.global ~= false or user ~= "@" then
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
267 c = c + 1;
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
268 print(row({
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
269 when = when;
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
270 source = entry.attr.source;
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
271 event_type = entry.attr.type:gsub("%-", " ");
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
272 username = user;
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
273 ip = entry:get_child_text("remote-ip");
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
274 location = entry:find("location@country");
5327
7e3862a26e55 mod_audit: Add 'note' column
Matthew Wild <mwild1@gmail.com>
parents: 5326
diff changeset
275 note = entry:get_child_text("note");
5326
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
276 }));
dc058fcc3fe3 mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents: 5325
diff changeset
277 end
5299
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
278 end
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
279 print(string.rep("-", width));
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
280 print(("%d records displayed"):format(c));
e3a3a6c86a9f mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents: 5298
diff changeset
281 end
5331
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
282
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
283 function module.add_host(host_module)
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
284 host_module:depends("cron");
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
285 host_module:daily("Prune audit logs", function ()
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
286 prune_audit_log(host_module.host);
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
287 end);
e00e3e2c72a3 mod_audit: Add expiration of entries, and handling of full archive stores
Matthew Wild <mwild1@gmail.com>
parents: 5327
diff changeset
288 end