KennethScott / SpecOps

SpecOps is a web-based, centralized PowerShell script repository where non-technical users can run scripts via a user-friendly GUI.

Audit logging of script execution #2

Closed dniesen closed 3 years ago

dniesen commented 3 years ago

We set this up to provide self-service to some staff for functions we commonly ran via scripts. This is going to be a huge time saver for us!

One feature we need in order to roll this out is some kind of audit logging for accountability. Even just a way to pass the logged-in user to the script being run would allow us to handle that within the scripts themselves.

KennethScott commented 3 years ago

That's a great idea. Just to make sure you're aware, that information is currently logged via Serilog in the log files produced by the application (logs folder) - but I understand how you might want to handle the logging yourself differently from within the scripts themselves. I'll take a look this weekend and see what I can do.


dniesen commented 3 years ago

I was not aware of that in the logging; that definitely helps with seeing who runs a script. I would like to log the parameters they used as well. Worst case is we could correlate the logs, but having a single audit log with that information would be a lot easier for our purposes.

KennethScott commented 3 years ago

I've committed changes (and created a new precompiled release zip) adding support for system-generated input parameters. The two I added are:

SpecOpsCurrentUser (current user's domain\login)

SpecOpsCurrentUserIP (current user's IP address)

They're automatically available to all scripts; just define them at the top like you would any other input parameter and do what you need with them in your code. I updated the README to include them, and the Scripts/demo.ps1 file shows their use.

I also changed the log statement being written via Serilog internally to include the parameters being used to run the script.

Let me know how it goes.
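An added example, not part of the thread and not SpecOps' own code: one way a script could use the two system-generated parameters described above to write its own single audit log. It assumes inputs are declared in a standard `param()` block; `$TargetAccount`, the script name and the log path are hypothetical.

```powershell
# Added example, not SpecOps code. Assumes inputs are declared in a standard param() block.
param(
    [string]$TargetAccount,        # hypothetical business parameter
    [string]$SpecOpsCurrentUser,   # system-generated: current user's domain\login
    [string]$SpecOpsCurrentUserIP  # system-generated: current user's IP address
)

$ScriptName = 'unlock-account.ps1'            # hypothetical script name
$AuditLog   = 'C:\Logs\SpecOps\audit.jsonl'   # hypothetical path; restrict writes with an ACL
New-Item -ItemType Directory -Force -Path (Split-Path -Parent $AuditLog) | Out-Null

function Write-AuditRecord {
    param([string]$Outcome, [string]$Detail = '')
    $record = [ordered]@{
        timestampUtc = (Get-Date).ToUniversalTime().ToString('o')
        script       = $ScriptName
        user         = $SpecOpsCurrentUser
        sourceIp     = $SpecOpsCurrentUserIP
        parameters   = @{ TargetAccount = $TargetAccount }   # log only non-secret inputs
        outcome      = $Outcome
        detail       = $Detail
    }
    # One compressed JSON object per line: ConvertTo-Json escapes quotes and newlines,
    # so a parameter value cannot inject a forged extra log line.
    $line = $record | ConvertTo-Json -Compress -Depth 3
    Add-Content -LiteralPath $AuditLog -Value $line -Encoding UTF8
}

# Fail closed: no caller identity means no accountable run.
if ([string]::IsNullOrWhiteSpace($SpecOpsCurrentUser)) {
    Write-AuditRecord -Outcome 'rejected' -Detail 'no caller identity supplied'
    throw 'SpecOpsCurrentUser was not supplied; refusing to run unaudited.'
}

Write-AuditRecord -Outcome 'started'
try {
    # The script's real work on $TargetAccount goes here.
    Write-AuditRecord -Outcome 'succeeded'
}
catch {
    Write-AuditRecord -Outcome 'failed' -Detail $_.Exception.Message
    throw
}
```

Each run leaves a started record followed by a succeeded or failed record, so who ran what, from where, and with which parameters sits in one file.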

dniesen commented 3 years ago

This is fantastic! I updated with the precompiled release and tested this out. It is working exactly as you described!

Having those parameters logged in the Serilog makes my job even easier in the meantime as I at least have one place with who attempted what in the meantime.

Thank you!

KennethScott commented 3 years ago

Great - glad to hear it!