Add basic audit component to logger
Logs already: - Share events - Authentication events - User management events - File action events
This commit is contained in:
parent
6c69cdf860
commit
c2571cca41
|
@ -0,0 +1,76 @@
|
|||
<?php
|
||||
/**
|
||||
* @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
|
||||
*
|
||||
* @license GNU AGPL version 3 or any later version
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
namespace OCA\Admin_Audit\Actions;
|
||||
|
||||
use OCP\ILogger;
|
||||
|
||||
class Action {
|
||||
/** @var ILogger */
|
||||
private $logger;
|
||||
|
||||
/**
|
||||
* @param ILogger $logger
|
||||
*/
|
||||
public function __construct(ILogger $logger) {
|
||||
$this->logger = $logger;
|
||||
}
|
||||
|
||||
/**
|
||||
* Log a single action with a log level of info
|
||||
*
|
||||
* @param string $text
|
||||
* @param array $params
|
||||
* @param array $elements
|
||||
*/
|
||||
public function log($text,
|
||||
array $params,
|
||||
array $elements) {
|
||||
foreach($elements as $element) {
|
||||
if(!isset($params[$element])) {
|
||||
$this->logger->critical(
|
||||
sprintf(
|
||||
'$params["'.$element.'"] was missing. Transferred value: %s',
|
||||
print_r($params, true)
|
||||
)
|
||||
);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
$replaceArray = [];
|
||||
foreach($elements as $element) {
|
||||
if($params[$element] instanceof \DateTime) {
|
||||
$params[$element] = $params[$element]->format('Y-m-d H:i:s');
|
||||
}
|
||||
$replaceArray[] = $params[$element];
|
||||
}
|
||||
|
||||
$this->logger->info(
|
||||
vsprintf(
|
||||
$text,
|
||||
$replaceArray
|
||||
),
|
||||
[
|
||||
'app' => 'admin_audit'
|
||||
]
|
||||
);
|
||||
}
|
||||
}
|
|
@ -0,0 +1,56 @@
|
|||
<?php
|
||||
/**
|
||||
* @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
|
||||
*
|
||||
* @license GNU AGPL version 3 or any later version
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
namespace OCA\Admin_Audit\Actions;
|
||||
|
||||
/**
|
||||
* Class Auth logs all auth related actions
|
||||
*
|
||||
* @package OCA\Admin_Audit\Actions
|
||||
*/
|
||||
class Auth extends Action {
|
||||
public function loginAttempt(array $params) {
|
||||
$this->log(
|
||||
'Login attempt: "%s"',
|
||||
$params,
|
||||
[
|
||||
'uid',
|
||||
]
|
||||
);
|
||||
}
|
||||
|
||||
public function loginSuccessful(array $params) {
|
||||
$this->log(
|
||||
'Login successful: "%s"',
|
||||
$params,
|
||||
[
|
||||
'uid',
|
||||
]
|
||||
);
|
||||
}
|
||||
|
||||
public function logout(array $params) {
|
||||
$this->log(
|
||||
'Logout occurred',
|
||||
[],
|
||||
[]
|
||||
);
|
||||
}
|
||||
}
|
|
@ -0,0 +1,135 @@
|
|||
<?php
|
||||
/**
|
||||
* @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
|
||||
*
|
||||
* @license GNU AGPL version 3 or any later version
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
namespace OCA\Admin_Audit\Actions;
|
||||
|
||||
/**
|
||||
* Class Files logs the actions to files
|
||||
*
|
||||
* @package OCA\Admin_Audit\Actions
|
||||
*/
|
||||
class Files extends Action {
|
||||
/**
|
||||
* Logs file read actions
|
||||
*
|
||||
* @param array $params
|
||||
*/
|
||||
public function read(array $params) {
|
||||
$this->log(
|
||||
'File accessed: "%s"',
|
||||
$params,
|
||||
[
|
||||
'path',
|
||||
]
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Logs rename actions of files
|
||||
*
|
||||
* @param array $params
|
||||
*/
|
||||
public function rename(array $params) {
|
||||
$this->log(
|
||||
'File renamed: "%s" to "%s"',
|
||||
$params,
|
||||
[
|
||||
'oldpath',
|
||||
'newpath',
|
||||
]
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Logs creation of files
|
||||
*
|
||||
* @param array $params
|
||||
*/
|
||||
public function create(array $params) {
|
||||
$this->log(
|
||||
'File created: "%s"',
|
||||
$params,
|
||||
[
|
||||
'path',
|
||||
]
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Logs copying of files
|
||||
*
|
||||
* @param array $params
|
||||
*/
|
||||
public function copy(array $params) {
|
||||
$this->log(
|
||||
'File copied: "%s" to "%s"',
|
||||
$params,
|
||||
[
|
||||
'oldpath',
|
||||
'newpath',
|
||||
]
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Logs writing of files
|
||||
*
|
||||
* @param array $params
|
||||
*/
|
||||
public function write(array $params) {
|
||||
$this->log(
|
||||
'File written to: "%s"',
|
||||
$params,
|
||||
[
|
||||
'path',
|
||||
]
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Logs update of files
|
||||
*
|
||||
* @param array $params
|
||||
*/
|
||||
public function update(array $params) {
|
||||
$this->log(
|
||||
'File updated: "%s"',
|
||||
$params,
|
||||
[
|
||||
'path',
|
||||
]
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Logs deletions of files
|
||||
*
|
||||
* @param array $params
|
||||
*/
|
||||
public function delete(array $params) {
|
||||
$this->log(
|
||||
'File deleted: "%s"',
|
||||
$params,
|
||||
[
|
||||
'path',
|
||||
]
|
||||
);
|
||||
}
|
||||
}
|
|
@ -0,0 +1,189 @@
|
|||
<?php
|
||||
/**
|
||||
* @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
|
||||
*
|
||||
* @license GNU AGPL version 3 or any later version
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
namespace OCA\Admin_Audit\Actions;
|
||||
use OCP\Share;
|
||||
|
||||
/**
|
||||
* Class Sharing logs the sharing actions
|
||||
*
|
||||
* @package OCA\Admin_Audit\Actions
|
||||
*/
|
||||
class Sharing extends Action {
|
||||
/**
|
||||
* Logs sharing of data
|
||||
*
|
||||
* @param array $params
|
||||
*/
|
||||
public function shared(array $params) {
|
||||
if($params['shareType'] === Share::SHARE_TYPE_LINK) {
|
||||
$this->log(
|
||||
'The %s "%s" with ID "%s" has been shared via link with permissions "%s" (Share ID: %s)',
|
||||
$params,
|
||||
[
|
||||
'itemType',
|
||||
'itemTarget',
|
||||
'itemSource',
|
||||
'permissions',
|
||||
'id',
|
||||
]
|
||||
);
|
||||
} elseif($params['shareType'] === Share::SHARE_TYPE_USER) {
|
||||
$this->log(
|
||||
'The %s "%s" with ID "%s" has been shared to the user "%s" with permissions "%s" (Share ID: %s)',
|
||||
$params,
|
||||
[
|
||||
'itemType',
|
||||
'itemTarget',
|
||||
'itemSource',
|
||||
'shareWith',
|
||||
'permissions',
|
||||
'id',
|
||||
]
|
||||
);
|
||||
} elseif($params['shareType'] === Share::SHARE_TYPE_GROUP) {
|
||||
$this->log(
|
||||
'The %s "%s" with ID "%s" has been shared to the group "%s" with permissions "%s" (Share ID: %s)',
|
||||
$params,
|
||||
[
|
||||
'itemType',
|
||||
'itemTarget',
|
||||
'itemSource',
|
||||
'shareWith',
|
||||
'permissions',
|
||||
'id',
|
||||
]
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Logs unsharing of data
|
||||
*
|
||||
* @param array $params
|
||||
*/
|
||||
public function unshare(array $params) {
|
||||
if($params['shareType'] === Share::SHARE_TYPE_LINK) {
|
||||
$this->log(
|
||||
'The %s "%s" with ID "%s" has been unshared (Share ID: %s)',
|
||||
$params,
|
||||
[
|
||||
'itemType',
|
||||
'fileTarget',
|
||||
'itemSource',
|
||||
'id',
|
||||
]
|
||||
);
|
||||
} elseif($params['shareType'] === Share::SHARE_TYPE_USER) {
|
||||
$this->log(
|
||||
'The %s "%s" with ID "%s" has been unshared from the user "%s" (Share ID: %s)',
|
||||
$params,
|
||||
[
|
||||
'itemType',
|
||||
'fileTarget',
|
||||
'itemSource',
|
||||
'shareWith',
|
||||
'id',
|
||||
]
|
||||
);
|
||||
} elseif($params['shareType'] === Share::SHARE_TYPE_GROUP) {
|
||||
$this->log(
|
||||
'The %s "%s" with ID "%s" has been unshared from the group "%s" (Share ID: %s)',
|
||||
$params,
|
||||
[
|
||||
'itemType',
|
||||
'fileTarget',
|
||||
'itemSource',
|
||||
'shareWith',
|
||||
'id',
|
||||
]
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Logs the updating of permission changes for shares
|
||||
*
|
||||
* @param array $params
|
||||
*/
|
||||
public function updatePermissions(array $params) {
|
||||
$this->log(
|
||||
'The permissions of the shared %s "%s" with ID "%s" have been changed to "%s"',
|
||||
$params,
|
||||
[
|
||||
'itemType',
|
||||
'path',
|
||||
'itemSource',
|
||||
'permissions',
|
||||
]
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Logs the password changes for a share
|
||||
*
|
||||
* @param array $params
|
||||
*/
|
||||
public function updatePassword(array $params) {
|
||||
$this->log(
|
||||
'The password of the publicly shared %s "%s" with ID "%s" has been changed',
|
||||
$params,
|
||||
[
|
||||
'itemType',
|
||||
'token',
|
||||
'itemSource',
|
||||
]
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Logs the expiration date changes for a share
|
||||
*
|
||||
* @param array $params
|
||||
*/
|
||||
public function updateExpirationDate(array $params) {
|
||||
$this->log(
|
||||
'The expiration date of the publicly shared %s with ID "%s" has been changed to "%s"',
|
||||
$params,
|
||||
[
|
||||
'itemType',
|
||||
'itemSource',
|
||||
'date',
|
||||
]
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Logs access of shared files
|
||||
*
|
||||
* @param array $params
|
||||
*/
|
||||
public function shareAccessed(array $params) {
|
||||
$this->log(
|
||||
'The shared %s with the token "%s" by "%s" has been accessed.',
|
||||
$params,
|
||||
[
|
||||
'itemType',
|
||||
'token',
|
||||
'uidOwner',
|
||||
]
|
||||
);
|
||||
}
|
||||
}
|
|
@ -0,0 +1,77 @@
|
|||
<?php
|
||||
/**
|
||||
* @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
|
||||
*
|
||||
* @license GNU AGPL version 3 or any later version
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
namespace OCA\Admin_Audit\Actions;
|
||||
|
||||
/**
|
||||
* Class UserManagement logs all user management related actions.
|
||||
*
|
||||
* @package OCA\Admin_Audit\Actions
|
||||
*/
|
||||
class UserManagement extends Action {
|
||||
/**
|
||||
* Log creation of users
|
||||
*
|
||||
* @param array $params
|
||||
*/
|
||||
public function create(array $params) {
|
||||
$this->log(
|
||||
'User created: "%s"',
|
||||
$params,
|
||||
[
|
||||
'uid',
|
||||
]
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Log deletion of users
|
||||
*
|
||||
* @param array $params
|
||||
*/
|
||||
public function delete(array $params) {
|
||||
$this->log(
|
||||
'User deleted: "%s"',
|
||||
$params,
|
||||
[
|
||||
'uid',
|
||||
]
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Logs changing of the user scope
|
||||
*
|
||||
* @param \OCP\IUser $user
|
||||
*/
|
||||
public function setPassword(\OCP\IUser $user) {
|
||||
if($user->getBackendClassName() === 'Database') {
|
||||
$this->log(
|
||||
'Password of user "%s" has been changed',
|
||||
[
|
||||
'user' => $user->getUID(),
|
||||
],
|
||||
[
|
||||
'user',
|
||||
]
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,142 @@
|
|||
<?php
|
||||
/**
|
||||
* @author Lukas Reschke <lukas@statuscode.ch>
|
||||
*
|
||||
* @license GNU AGPL version 3 or any later version
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
$logger = \OC::$server->getLogger();
|
||||
|
||||
logUserManagement(
|
||||
$logger,
|
||||
\OC::$server->getUserSession()
|
||||
);
|
||||
logFileActions($logger);
|
||||
logAuthEvents($logger);
|
||||
logShareEvents($logger);
|
||||
|
||||
/**
|
||||
* Logs sharing events
|
||||
*
|
||||
* @param \OCP\ILogger $logger
|
||||
*/
|
||||
function logShareEvents($logger) {
|
||||
$shareActions = new \OCA\Admin_Audit\Actions\Sharing(
|
||||
$logger
|
||||
);
|
||||
|
||||
OCP\Util::connectHook('OCP\Share', 'post_shared', $shareActions, 'shared');
|
||||
OCP\Util::connectHook('OCP\Share', 'post_unshare', $shareActions, 'unshare');
|
||||
OCP\Util::connectHook('OCP\Share', 'post_update_permissions', $shareActions, 'updatePermissions');
|
||||
OCP\Util::connectHook('OCP\Share', 'post_update_password', $shareActions, 'updatePassword');
|
||||
OCP\Util::connectHook('OCP\Share', 'post_set_expiration_date', $shareActions, 'updateExpirationDate');
|
||||
OCP\Util::connectHook('OCP\Share', 'share_link_access', $shareActions, 'shareAccessed');
|
||||
}
|
||||
|
||||
/**
|
||||
* Log authentication event related actions
|
||||
*
|
||||
* @param \OCP\ILogger $logger
|
||||
*/
|
||||
function logAuthEvents($logger) {
|
||||
$authActions = new \OCA\Admin_Audit\Actions\Auth(
|
||||
$logger
|
||||
);
|
||||
OCP\Util::connectHook('OC_User', 'pre_login', $authActions, 'loginAttempt');
|
||||
OCP\Util::connectHook('OC_User', 'post_login', $authActions, 'loginSuccessful');
|
||||
OCP\Util::connectHook('OC_User', 'logout', $authActions, 'logout');
|
||||
}
|
||||
|
||||
/**
|
||||
* Log user management related actions
|
||||
*
|
||||
* @param \OCP\ILogger $logger
|
||||
* @param \OC\User\Session $userSession
|
||||
*/
|
||||
function logUserManagement($logger, $userSession) {
|
||||
$userActions = new \OCA\Admin_Audit\Actions\UserManagement(
|
||||
$logger
|
||||
);
|
||||
|
||||
OCP\Util::connectHook(
|
||||
'OC_User',
|
||||
'post_createUser',
|
||||
$userActions,
|
||||
'create'
|
||||
);
|
||||
OCP\Util::connectHook(
|
||||
'OC_User',
|
||||
'post_deleteUser',
|
||||
$userActions,
|
||||
'delete'
|
||||
);
|
||||
$userSession->listen('\OC\User', 'postSetPassword', [$userActions, 'setPassword']);
|
||||
}
|
||||
|
||||
/**
|
||||
* Log file related actions
|
||||
*
|
||||
* @param \OCP\ILogger $logger
|
||||
*/
|
||||
function logFileActions($logger) {
|
||||
$fileActions = new \OCA\Admin_Audit\Actions\Files(
|
||||
$logger
|
||||
);
|
||||
|
||||
OCP\Util::connectHook(
|
||||
OC\Files\Filesystem::CLASSNAME,
|
||||
OC\Files\Filesystem::signal_post_rename,
|
||||
$fileActions,
|
||||
'rename'
|
||||
);
|
||||
OCP\Util::connectHook(
|
||||
OC\Files\Filesystem::CLASSNAME,
|
||||
OC\Files\Filesystem::signal_post_create,
|
||||
$fileActions,
|
||||
'create'
|
||||
);
|
||||
OCP\Util::connectHook(
|
||||
OC\Files\Filesystem::CLASSNAME,
|
||||
OC\Files\Filesystem::signal_post_copy,
|
||||
$fileActions,
|
||||
'copy'
|
||||
);
|
||||
OCP\Util::connectHook(
|
||||
OC\Files\Filesystem::CLASSNAME,
|
||||
OC\Files\Filesystem::signal_post_write,
|
||||
$fileActions,
|
||||
'write'
|
||||
);
|
||||
OCP\Util::connectHook(
|
||||
OC\Files\Filesystem::CLASSNAME,
|
||||
OC\Files\Filesystem::signal_post_update,
|
||||
$fileActions,
|
||||
'update'
|
||||
);
|
||||
OCP\Util::connectHook(
|
||||
OC\Files\Filesystem::CLASSNAME,
|
||||
OC\Files\Filesystem::signal_read,
|
||||
$fileActions,
|
||||
'read'
|
||||
);
|
||||
OCP\Util::connectHook(
|
||||
OC\Files\Filesystem::CLASSNAME,
|
||||
OC\Files\Filesystem::signal_delete,
|
||||
$fileActions,
|
||||
'delete'
|
||||
);
|
||||
}
|
|
@ -0,0 +1,18 @@
|
|||
<?xml version="1.0"?>
|
||||
<info>
|
||||
<id>admin_audit</id>
|
||||
<name>Auditing / Logging</name>
|
||||
<description>Provides logging abilities for Nextcloud such as logging file
|
||||
accesses or otherwise sensitive actions.
|
||||
</description>
|
||||
<licence>AGPL</licence>
|
||||
<author>Nextcloud</author>
|
||||
<version>1.0.0</version>
|
||||
<dependencies>
|
||||
<owncloud min-version="9.0" max-version="9.1" />
|
||||
</dependencies>
|
||||
<types>
|
||||
<logging/>
|
||||
</types>
|
||||
<default_enable/>
|
||||
</info>
|
Loading…
Reference in New Issue