Software / code / prosody-modules
Annotate
mod_audit/mod_audit.lua @ 5326:dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Fri, 07 Apr 2023 13:44:18 +0100 |
| parent | 5325:11b37063d80a |
| child | 5327:7e3862a26e55 |
| rev | line source |
|---|---|
|
4932
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
1 module:set_global(); |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
2 |
|
5115
4a5837591380
mod_audit: remove event hook
Jonas Schäfer <jonas@wielicki.name>
parents:
4934
diff
changeset
|
3 local audit_log_limit = module:get_option_number("audit_log_limit", 10000); |
|
4a5837591380
mod_audit: remove event hook
Jonas Schäfer <jonas@wielicki.name>
parents:
4934
diff
changeset
|
4 local cleanup_after = module:get_option_string("audit_log_expires_after", "2w"); |
|
4a5837591380
mod_audit: remove event hook
Jonas Schäfer <jonas@wielicki.name>
parents:
4934
diff
changeset
|
5 |
|
5251
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
6 local attach_ips = module:get_option_boolean("audit_log_ips", true); |
|
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
7 local attach_ipv4_prefix = module:get_option_number("audit_log_ipv4_prefix", nil); |
|
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
8 local attach_ipv6_prefix = module:get_option_number("audit_log_ipv6_prefix", nil); |
|
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
9 |
|
5298
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
10 local have_geoip, geoip = pcall(require, "geoip.country"); |
|
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
11 local attach_location = have_geoip and module:get_option_boolean("audit_log_location", true); |
|
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
12 |
|
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
13 local geoip4_country, geoip6_country; |
|
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
14 if have_geoip and attach_location then |
|
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
15 geoip4_country = geoip.open(module:get_option_string("geoip_ipv4_country", "/usr/share/GeoIP/GeoIP.dat")); |
|
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
16 geoip6_country = geoip.open(module:get_option_string("geoip_ipv6_country", "/usr/share/GeoIP/GeoIPv6.dat")); |
|
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
17 end |
|
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
18 |
|
4932
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
19 local time_now = os.time; |
|
5251
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
20 local ip = require "util.ip"; |
|
4932
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
21 local st = require "util.stanza"; |
|
4934
ae83200fb55f
mod_audit: make the extension of the module API less of a hack
Jonas Schäfer <jonas@wielicki.name>
parents:
4933
diff
changeset
|
22 local moduleapi = require "core.moduleapi"; |
|
4932
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
23 |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
24 local host_wide_user = "@"; |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
25 |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
26 local stores = {}; |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
27 |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
28 local function get_store(self, host) |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
29 local store = rawget(self, host); |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
30 if store then |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
31 return store |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
32 end |
|
4933
08dea42a302a
mod_audit*: fix luacheck warnings
Jonas Schäfer <jonas@wielicki.name>
parents:
4932
diff
changeset
|
33 store = module:context(host):open_store("audit", "archive"); |
|
4932
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
34 rawset(self, host, store); |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
35 return store; |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
36 end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
37 |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
38 setmetatable(stores, { __index = get_store }); |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
39 |
|
5251
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
40 local function get_ip_network(ip_addr) |
|
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
41 local _ip = ip.new_ip(ip_addr); |
|
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
42 local proto = _ip.proto; |
|
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
43 local network; |
|
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
44 if proto == "IPv4" and attach_ipv4_prefix then |
|
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
45 network = ip.truncate(_ip, attach_ipv4_prefix).normal.."/"..attach_ipv4_prefix; |
|
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
46 elseif proto == "IPv6" and attach_ipv6_prefix then |
|
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
47 network = ip.truncate(_ip, attach_ipv6_prefix).normal.."/"..attach_ipv6_prefix; |
|
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
48 end |
|
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
49 return network; |
|
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
50 end |
|
4932
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
51 |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
52 local function session_extra(session) |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
53 local attr = { |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
54 xmlns = "xmpp:prosody.im/audit", |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
55 }; |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
56 if session.id then |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
57 attr.id = session.id; |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
58 end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
59 if session.type then |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
60 attr.type = session.type; |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
61 end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
62 local stanza = st.stanza("session", attr); |
|
5251
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
63 if attach_ips and session.ip then |
|
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
64 local remote_ip, network = session.ip; |
|
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
65 if attach_ipv4_prefix or attach_ipv6_prefix then |
|
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
66 network = get_ip_network(remote_ip); |
|
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
67 end |
|
f3123cbbd894
mod_audit: Allow disabling IP logging, or limiting it to a prefix
Matthew Wild <mwild1@gmail.com>
parents:
5250
diff
changeset
|
68 stanza:text_tag("remote-ip", network or remote_ip); |
|
4932
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
69 end |
|
5298
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
70 if attach_location and session.ip then |
|
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
71 local remote_ip = ip.new(session.ip); |
|
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
72 local geoip_country = ip.proto == "IPv6" and geoip6_country or geoip4_country; |
|
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
73 stanza:tag("location", { |
|
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
74 country = geoip_country:query_by_addr(remote_ip.normal); |
|
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
75 }):up(); |
|
12f7d8b901e0
mod_audit: Support for adding location (GeoIP) to audit events
Matthew Wild <mwild1@gmail.com>
parents:
5251
diff
changeset
|
76 end |
|
5250
d9577083c5f5
mod_audit: Include client id in audit log entries (if known)
Matthew Wild <mwild1@gmail.com>
parents:
5115
diff
changeset
|
77 if session.client_id then |
|
d9577083c5f5
mod_audit: Include client id in audit log entries (if known)
Matthew Wild <mwild1@gmail.com>
parents:
5115
diff
changeset
|
78 stanza:text_tag("client", session.client_id); |
|
d9577083c5f5
mod_audit: Include client id in audit log entries (if known)
Matthew Wild <mwild1@gmail.com>
parents:
5115
diff
changeset
|
79 end |
|
4932
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
80 return stanza |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
81 end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
82 |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
83 local function audit(host, user, source, event_type, extra) |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
84 if not host or host == "*" then |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
85 error("cannot log audit events for global"); |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
86 end |
|
4933
08dea42a302a
mod_audit*: fix luacheck warnings
Jonas Schäfer <jonas@wielicki.name>
parents:
4932
diff
changeset
|
87 local user_key = user or host_wide_user; |
|
4932
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
88 |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
89 local attr = { |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
90 ["source"] = source, |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
91 ["type"] = event_type, |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
92 }; |
|
4933
08dea42a302a
mod_audit*: fix luacheck warnings
Jonas Schäfer <jonas@wielicki.name>
parents:
4932
diff
changeset
|
93 if user_key ~= host_wide_user then |
|
08dea42a302a
mod_audit*: fix luacheck warnings
Jonas Schäfer <jonas@wielicki.name>
parents:
4932
diff
changeset
|
94 attr.user = user_key; |
|
4932
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
95 end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
96 local stanza = st.stanza("audit-event", attr); |
|
5318
c5ecfb06afde
mod_audit: Minor style nit
Matthew Wild <mwild1@gmail.com>
parents:
5317
diff
changeset
|
97 if extra then |
|
4932
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
98 if extra.session then |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
99 local child = session_extra(extra.session); |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
100 if child then |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
101 stanza:add_child(child); |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
102 end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
103 end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
104 if extra.custom then |
|
5321
d02f465e2aff
mod_audit: Fix iteration of custom payloads to use ipairs
Matthew Wild <mwild1@gmail.com>
parents:
5319
diff
changeset
|
105 for _, child in ipairs(extra.custom) do |
|
4932
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
106 if not st.is_stanza(child) then |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
107 error("all extra.custom items must be stanzas") |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
108 end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
109 stanza:add_child(child); |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
110 end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
111 end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
112 end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
113 |
|
5317
0091b7de2763
mod_audit: Allow caller to specify time of the event
Matthew Wild <mwild1@gmail.com>
parents:
5299
diff
changeset
|
114 local id, err = stores[host]:append(nil, nil, stanza, extra and extra.timestamp or time_now(), user_key); |
|
4932
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
115 if err then |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
116 module:log("error", "failed to persist audit event: %s", err); |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
117 return |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
118 else |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
119 module:log("debug", "persisted audit event %s as %s", stanza:top_tag(), id); |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
120 end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
121 end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
122 |
|
4934
ae83200fb55f
mod_audit: make the extension of the module API less of a hack
Jonas Schäfer <jonas@wielicki.name>
parents:
4933
diff
changeset
|
123 function moduleapi.audit(module, user, event_type, extra) |
|
ae83200fb55f
mod_audit: make the extension of the module API less of a hack
Jonas Schäfer <jonas@wielicki.name>
parents:
4933
diff
changeset
|
124 audit(module.host, user, "mod_" .. module:get_name(), event_type, extra); |
|
4932
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
125 end |
|
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
126 |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
127 function module.command(_arg) |
|
5326
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
128 local jid = require "util.jid"; |
|
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
129 local arg = require "util.argparse".parse(_arg, { value_params = { "limit" } }); |
|
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
130 local query_user, host = jid.prepped_split(arg[1]); |
|
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
131 if not host then |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
132 print("EE: Please supply the host for which you want to show events"); |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
133 return 1; |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
134 elseif not prosody.hosts[host] then |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
135 print("EE: Unknown host: "..host); |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
136 return 1; |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
137 end |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
138 |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
139 require "core.storagemanager".initialize_host(host); |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
140 local store = stores[host]; |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
141 local c = 0; |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
142 |
|
5326
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
143 if arg.global then |
|
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
144 if query_user then |
|
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
145 print("WW: Specifying a user account is incompatible with --global. Showing only global events."); |
|
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
146 end |
|
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
147 query_user = "@"; |
|
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
148 end |
|
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
149 |
|
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
150 local results, err = store:find(nil, { |
|
5326
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
151 with = query_user; |
|
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
152 limit = arg.limit and tonumber(arg.limit) or nil; |
|
5319
5043108b14f4
mod_audit: Display most recent entries first, rather than showing oldest
Matthew Wild <mwild1@gmail.com>
parents:
5318
diff
changeset
|
153 reverse = true; |
|
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
154 }) |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
155 if not results then |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
156 print("EE: Failed to query audit log: "..tostring(err)); |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
157 return 1; |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
158 end |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
159 |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
160 local colspec = { |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
161 { title = "Date", key = "when", width = 19, mapper = function (when) return os.date("%Y-%m-%d %R:%S", when); end }; |
|
5322
eb832553d635
mod_audit: Use proportional columns in table output
Matthew Wild <mwild1@gmail.com>
parents:
5321
diff
changeset
|
162 { title = "Source", key = "source", width = "2p" }; |
|
eb832553d635
mod_audit: Use proportional columns in table output
Matthew Wild <mwild1@gmail.com>
parents:
5321
diff
changeset
|
163 { title = "Event", key = "event_type", width = "2p" }; |
|
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
164 }; |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
165 |
|
5326
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
166 if arg.show_user ~= false and (not arg.global and not query_user) or arg.show_user then |
|
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
167 table.insert(colspec, { |
|
5322
eb832553d635
mod_audit: Use proportional columns in table output
Matthew Wild <mwild1@gmail.com>
parents:
5321
diff
changeset
|
168 title = "User", key = "username", width = "2p", |
|
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
169 mapper = function (user) |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
170 if user == "@" then return ""; end |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
171 if user:sub(-#host-1, -1) == ("@"..host) then |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
172 return (user:gsub("@.+$", "")); |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
173 end |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
174 end; |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
175 }); |
|
5325
11b37063d80a
mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents:
5323
diff
changeset
|
176 end |
|
5326
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
177 if arg.show_ip ~= false and (not arg.global and attach_ips) or arg.show_ip then |
|
5325
11b37063d80a
mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents:
5323
diff
changeset
|
178 table.insert(colspec, { |
|
11b37063d80a
mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents:
5323
diff
changeset
|
179 title = "IP", key = "ip", width = "2p"; |
|
11b37063d80a
mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents:
5323
diff
changeset
|
180 }); |
|
11b37063d80a
mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents:
5323
diff
changeset
|
181 end |
|
5326
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
182 if arg.show_location ~= false and (not arg.global and attach_location) or arg.show_location then |
|
5325
11b37063d80a
mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents:
5323
diff
changeset
|
183 table.insert(colspec, { |
|
11b37063d80a
mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents:
5323
diff
changeset
|
184 title = "Location", key = "country", width = 2; |
|
11b37063d80a
mod_audit: Add some control over output columns via command-line flags
Matthew Wild <mwild1@gmail.com>
parents:
5323
diff
changeset
|
185 }); |
|
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
186 end |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
187 |
|
5323
400ffa842576
mod_audit: Let util.human.io pick a suitable default width
Matthew Wild <mwild1@gmail.com>
parents:
5322
diff
changeset
|
188 local row, width = require "util.human.io".table(colspec); |
|
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
189 |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
190 print(string.rep("-", width)); |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
191 print(row()); |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
192 print(string.rep("-", width)); |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
193 for _, entry, when, user in results do |
|
5326
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
194 if arg.global ~= false or user ~= "@" then |
|
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
195 c = c + 1; |
|
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
196 print(row({ |
|
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
197 when = when; |
|
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
198 source = entry.attr.source; |
|
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
199 event_type = entry.attr.type:gsub("%-", " "); |
|
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
200 username = user; |
|
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
201 ip = entry:get_child_text("remote-ip"); |
|
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
202 location = entry:find("location@country"); |
|
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
203 })); |
|
dc058fcc3fe3
mod_audit: Improve filtering options and add documentation to README
Matthew Wild <mwild1@gmail.com>
parents:
5325
diff
changeset
|
204 end |
|
5299
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
205 end |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
206 print(string.rep("-", width)); |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
207 print(("%d records displayed"):format(c)); |
|
e3a3a6c86a9f
mod_audit: Add a command to print the audit log on the command-line
Matthew Wild <mwild1@gmail.com>
parents:
5298
diff
changeset
|
208 end |
