globaleaks / globaleaks-whistleblowing-software

GlobaLeaks is a free and open-source whistleblowing software enabling anyone to easily set up and maintain a secure reporting platform.
https://www.globaleaks.org

Implement logging of all operations performed on submissions by users #1956

Open evilaliv3 opened 7 years ago

evilaliv3 commented 7 years ago

This ticket is to keep track of the activities related to the implementation of a logging facility for all the operations performed on submissions by the whistleblower and by the recipients.

Examples of actions that the system should log:

NCommander commented 6 years ago

So ... how do we want to log this?

My initial thought was a SQLite table, but I actually think we might want to log to syslog for this vs. something in GlobaLeaks, and possibly cryptographically sign the logs. I know this is something SecureDrop does, but it does mean if the box running GL is compromised, so are your log files. If you're logging to syslog, you can send it to another server which may be OK.

fpietrosanti commented 6 years ago

@NCommander that's more about "auditing" than "logging" (from a system point of view), so subjects and objects that do actions. We've already been asked in the past for a "tip log" of all the history of all the actions and events around that tip "from a human point of view" (what the people operating this tip have done and when, what the machine has done autonomously on the objects).

Let's think more of a structured database, like Windows Eventlog; that's the kind of framework we should look toward.

fpietrosanti commented 4 years ago

Added tag Garante Privacy as per their opinion on ANAC Guidelines: "14. the platform for the acquisition and management of reports must track the activities (accesses and operations) carried out solely by the RPCT and by the other persons authorised to process the data (including those who manage the system's user accounts and assign them the relevant authorisation profiles), and not also those carried out by the whistleblower; it must, furthermore, be specified that such tracking must be carried out exclusively for the purpose of ensuring the correctness and security of the processing;"

elbill commented 4 years ago

@evilaliv3 @fpietrosanti Just to contribute my view on how this could be implemented. While (a) has been mentioned before, (b) & (c) have not, if I'm not mistaken:

a) Log files include all kinds of recipient access to reports (system access, view report, modify report, message, export report, label and delete report).

b) The actions of system administrators regarding users (receivers) are recorded, including adding/deleting users, and changing user rights.

c) Reassure that log file cannot be deleted or modified. Access to logs is logged to detect unusual activity.
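
One way to get the tamper evidence discussed in this thread (signed logs, a copy kept on another server, entries that cannot be silently modified or deleted) is an HMAC hash chain over structured audit records. This is an added example, not GlobaLeaks code and not part of any comment above; the field names, action names, key and sample events are all constructed assumptions.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain start value (constructed)

def _mac(key, prev_mac, body):
    # The MAC covers the previous entry's MAC, so an entry cannot be edited,
    # reordered or dropped from the middle without breaking every later MAC.
    data = prev_mac + json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, data.encode(), hashlib.sha256).hexdigest()

def append(log, key, ts, actor, role, action, obj):
    body = {"seq": len(log), "ts": ts, "actor": actor, "role": role,
            "action": action, "object": obj}
    prev = log[-1]["mac"] if log else GENESIS
    log.append({**body, "mac": _mac(key, prev, body)})
    return log[-1]["mac"]

def verify(log, key, anchor=None):
    """Return None if intact, else the index of the first bad or missing entry.

    anchor is (entry_count, last_mac) copied to another host (count >= 1).
    Without it, a truncated tail or a chain rebuilt with a stolen key passes.
    """
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "mac"}
        if body.get("seq") != i or not hmac.compare_digest(entry["mac"], _mac(key, prev, body)):
            return i
        prev = entry["mac"]
    if anchor is not None:
        count, last_mac = anchor
        if len(log) < count:
            return len(log)       # entries removed from the end
        if log[count - 1]["mac"] != last_mac:
            return count - 1      # chain does not match the off-host copy
    return None

def demo_log(key):
    # Constructed sample events: recipient access, an admin action on a user,
    # and a read of the audit log itself.
    log = []
    append(log, key, "2024-05-01T09:00:00Z", "recipient-1", "recipient", "view_report", "report-17")
    append(log, key, "2024-05-01T09:05:00Z", "recipient-1", "recipient", "export_report", "report-17")
    append(log, key, "2024-05-01T10:00:00Z", "admin-1", "admin", "change_user_rights", "recipient-2")
    append(log, key, "2024-05-01T11:00:00Z", "admin-1", "admin", "read_audit_log", "audit-log")
    return log
```

The chain alone only detects edits and mid-log deletions; detecting truncation, or a rewrite by someone who took the key from the compromised host, depends on the `anchor` value having been shipped elsewhere (for example with the remote syslog forwarding mentioned earlier in the thread).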