Add basic audit component to logger

Logs already:
- Share events
- Authentication events
- User management events
- File action events
This commit is contained in:
Lukas Reschke 2016-06-08 15:25:44 +02:00
parent 6c69cdf860
commit c2571cca41
No known key found for this signature in database
GPG Key ID: 9AB0ADB949B6898C
7 changed files with 693 additions and 0 deletions

View File

@ -0,0 +1,76 @@
<?php
/**
* @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OCA\Admin_Audit\Actions;
use OCP\ILogger;
class Action {
/** @var ILogger */
private $logger;
/**
* @param ILogger $logger
*/
public function __construct(ILogger $logger) {
$this->logger = $logger;
}
/**
* Log a single action with a log level of info
*
* @param string $text
* @param array $params
* @param array $elements
*/
public function log($text,
array $params,
array $elements) {
foreach($elements as $element) {
if(!isset($params[$element])) {
$this->logger->critical(
sprintf(
'$params["'.$element.'"] was missing. Transferred value: %s',
print_r($params, true)
)
);
return;
}
}
$replaceArray = [];
foreach($elements as $element) {
if($params[$element] instanceof \DateTime) {
$params[$element] = $params[$element]->format('Y-m-d H:i:s');
}
$replaceArray[] = $params[$element];
}
$this->logger->info(
vsprintf(
$text,
$replaceArray
),
[
'app' => 'admin_audit'
]
);
}
}

View File

@ -0,0 +1,56 @@
<?php
/**
* @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OCA\Admin_Audit\Actions;
/**
* Class Auth logs all auth related actions
*
* @package OCA\Admin_Audit\Actions
*/
class Auth extends Action {
public function loginAttempt(array $params) {
$this->log(
'Login attempt: "%s"',
$params,
[
'uid',
]
);
}
public function loginSuccessful(array $params) {
$this->log(
'Login successful: "%s"',
$params,
[
'uid',
]
);
}
public function logout(array $params) {
$this->log(
'Logout occurred',
[],
[]
);
}
}

View File

@ -0,0 +1,135 @@
<?php
/**
* @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OCA\Admin_Audit\Actions;
/**
* Class Files logs the actions to files
*
* @package OCA\Admin_Audit\Actions
*/
class Files extends Action {
/**
* Logs file read actions
*
* @param array $params
*/
public function read(array $params) {
$this->log(
'File accessed: "%s"',
$params,
[
'path',
]
);
}
/**
* Logs rename actions of files
*
* @param array $params
*/
public function rename(array $params) {
$this->log(
'File renamed: "%s" to "%s"',
$params,
[
'oldpath',
'newpath',
]
);
}
/**
* Logs creation of files
*
* @param array $params
*/
public function create(array $params) {
$this->log(
'File created: "%s"',
$params,
[
'path',
]
);
}
/**
* Logs copying of files
*
* @param array $params
*/
public function copy(array $params) {
$this->log(
'File copied: "%s" to "%s"',
$params,
[
'oldpath',
'newpath',
]
);
}
/**
* Logs writing of files
*
* @param array $params
*/
public function write(array $params) {
$this->log(
'File written to: "%s"',
$params,
[
'path',
]
);
}
/**
* Logs update of files
*
* @param array $params
*/
public function update(array $params) {
$this->log(
'File updated: "%s"',
$params,
[
'path',
]
);
}
/**
* Logs deletions of files
*
* @param array $params
*/
public function delete(array $params) {
$this->log(
'File deleted: "%s"',
$params,
[
'path',
]
);
}
}

View File

@ -0,0 +1,189 @@
<?php
/**
* @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OCA\Admin_Audit\Actions;
use OCP\Share;
/**
* Class Sharing logs the sharing actions
*
* @package OCA\Admin_Audit\Actions
*/
class Sharing extends Action {
/**
* Logs sharing of data
*
* @param array $params
*/
public function shared(array $params) {
if($params['shareType'] === Share::SHARE_TYPE_LINK) {
$this->log(
'The %s "%s" with ID "%s" has been shared via link with permissions "%s" (Share ID: %s)',
$params,
[
'itemType',
'itemTarget',
'itemSource',
'permissions',
'id',
]
);
} elseif($params['shareType'] === Share::SHARE_TYPE_USER) {
$this->log(
'The %s "%s" with ID "%s" has been shared to the user "%s" with permissions "%s" (Share ID: %s)',
$params,
[
'itemType',
'itemTarget',
'itemSource',
'shareWith',
'permissions',
'id',
]
);
} elseif($params['shareType'] === Share::SHARE_TYPE_GROUP) {
$this->log(
'The %s "%s" with ID "%s" has been shared to the group "%s" with permissions "%s" (Share ID: %s)',
$params,
[
'itemType',
'itemTarget',
'itemSource',
'shareWith',
'permissions',
'id',
]
);
}
}
/**
* Logs unsharing of data
*
* @param array $params
*/
public function unshare(array $params) {
if($params['shareType'] === Share::SHARE_TYPE_LINK) {
$this->log(
'The %s "%s" with ID "%s" has been unshared (Share ID: %s)',
$params,
[
'itemType',
'fileTarget',
'itemSource',
'id',
]
);
} elseif($params['shareType'] === Share::SHARE_TYPE_USER) {
$this->log(
'The %s "%s" with ID "%s" has been unshared from the user "%s" (Share ID: %s)',
$params,
[
'itemType',
'fileTarget',
'itemSource',
'shareWith',
'id',
]
);
} elseif($params['shareType'] === Share::SHARE_TYPE_GROUP) {
$this->log(
'The %s "%s" with ID "%s" has been unshared from the group "%s" (Share ID: %s)',
$params,
[
'itemType',
'fileTarget',
'itemSource',
'shareWith',
'id',
]
);
}
}
/**
* Logs the updating of permission changes for shares
*
* @param array $params
*/
public function updatePermissions(array $params) {
$this->log(
'The permissions of the shared %s "%s" with ID "%s" have been changed to "%s"',
$params,
[
'itemType',
'path',
'itemSource',
'permissions',
]
);
}
/**
* Logs the password changes for a share
*
* @param array $params
*/
public function updatePassword(array $params) {
$this->log(
'The password of the publicly shared %s "%s" with ID "%s" has been changed',
$params,
[
'itemType',
'token',
'itemSource',
]
);
}
/**
* Logs the expiration date changes for a share
*
* @param array $params
*/
public function updateExpirationDate(array $params) {
$this->log(
'The expiration date of the publicly shared %s with ID "%s" has been changed to "%s"',
$params,
[
'itemType',
'itemSource',
'date',
]
);
}
/**
* Logs access of shared files
*
* @param array $params
*/
public function shareAccessed(array $params) {
$this->log(
'The shared %s with the token "%s" by "%s" has been accessed.',
$params,
[
'itemType',
'token',
'uidOwner',
]
);
}
}

View File

@ -0,0 +1,77 @@
<?php
/**
* @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OCA\Admin_Audit\Actions;
/**
* Class UserManagement logs all user management related actions.
*
* @package OCA\Admin_Audit\Actions
*/
class UserManagement extends Action {
/**
* Log creation of users
*
* @param array $params
*/
public function create(array $params) {
$this->log(
'User created: "%s"',
$params,
[
'uid',
]
);
}
/**
* Log deletion of users
*
* @param array $params
*/
public function delete(array $params) {
$this->log(
'User deleted: "%s"',
$params,
[
'uid',
]
);
}
/**
* Logs changing of the user scope
*
* @param \OCP\IUser $user
*/
public function setPassword(\OCP\IUser $user) {
if($user->getBackendClassName() === 'Database') {
$this->log(
'Password of user "%s" has been changed',
[
'user' => $user->getUID(),
],
[
'user',
]
);
}
}
}

View File

@ -0,0 +1,142 @@
<?php
/**
* @author Lukas Reschke <lukas@statuscode.ch>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
$logger = \OC::$server->getLogger();
logUserManagement(
$logger,
\OC::$server->getUserSession()
);
logFileActions($logger);
logAuthEvents($logger);
logShareEvents($logger);
/**
* Logs sharing events
*
* @param \OCP\ILogger $logger
*/
function logShareEvents($logger) {
$shareActions = new \OCA\Admin_Audit\Actions\Sharing(
$logger
);
OCP\Util::connectHook('OCP\Share', 'post_shared', $shareActions, 'shared');
OCP\Util::connectHook('OCP\Share', 'post_unshare', $shareActions, 'unshare');
OCP\Util::connectHook('OCP\Share', 'post_update_permissions', $shareActions, 'updatePermissions');
OCP\Util::connectHook('OCP\Share', 'post_update_password', $shareActions, 'updatePassword');
OCP\Util::connectHook('OCP\Share', 'post_set_expiration_date', $shareActions, 'updateExpirationDate');
OCP\Util::connectHook('OCP\Share', 'share_link_access', $shareActions, 'shareAccessed');
}
/**
* Log authentication event related actions
*
* @param \OCP\ILogger $logger
*/
function logAuthEvents($logger) {
$authActions = new \OCA\Admin_Audit\Actions\Auth(
$logger
);
OCP\Util::connectHook('OC_User', 'pre_login', $authActions, 'loginAttempt');
OCP\Util::connectHook('OC_User', 'post_login', $authActions, 'loginSuccessful');
OCP\Util::connectHook('OC_User', 'logout', $authActions, 'logout');
}
/**
* Log user management related actions
*
* @param \OCP\ILogger $logger
* @param \OC\User\Session $userSession
*/
function logUserManagement($logger, $userSession) {
$userActions = new \OCA\Admin_Audit\Actions\UserManagement(
$logger
);
OCP\Util::connectHook(
'OC_User',
'post_createUser',
$userActions,
'create'
);
OCP\Util::connectHook(
'OC_User',
'post_deleteUser',
$userActions,
'delete'
);
$userSession->listen('\OC\User', 'postSetPassword', [$userActions, 'setPassword']);
}
/**
* Log file related actions
*
* @param \OCP\ILogger $logger
*/
function logFileActions($logger) {
$fileActions = new \OCA\Admin_Audit\Actions\Files(
$logger
);
OCP\Util::connectHook(
OC\Files\Filesystem::CLASSNAME,
OC\Files\Filesystem::signal_post_rename,
$fileActions,
'rename'
);
OCP\Util::connectHook(
OC\Files\Filesystem::CLASSNAME,
OC\Files\Filesystem::signal_post_create,
$fileActions,
'create'
);
OCP\Util::connectHook(
OC\Files\Filesystem::CLASSNAME,
OC\Files\Filesystem::signal_post_copy,
$fileActions,
'copy'
);
OCP\Util::connectHook(
OC\Files\Filesystem::CLASSNAME,
OC\Files\Filesystem::signal_post_write,
$fileActions,
'write'
);
OCP\Util::connectHook(
OC\Files\Filesystem::CLASSNAME,
OC\Files\Filesystem::signal_post_update,
$fileActions,
'update'
);
OCP\Util::connectHook(
OC\Files\Filesystem::CLASSNAME,
OC\Files\Filesystem::signal_read,
$fileActions,
'read'
);
OCP\Util::connectHook(
OC\Files\Filesystem::CLASSNAME,
OC\Files\Filesystem::signal_delete,
$fileActions,
'delete'
);
}

View File

@ -0,0 +1,18 @@
<?xml version="1.0"?>
<info>
<id>admin_audit</id>
<name>Auditing / Logging</name>
<description>Provides logging abilities for Nextcloud such as logging file
accesses or otherwise sensitive actions.
</description>
<licence>AGPL</licence>
<author>Nextcloud</author>
<version>1.0.0</version>
<dependencies>
<owncloud min-version="9.0" max-version="9.1" />
</dependencies>
<types>
<logging/>
</types>
<default_enable/>
</info>