Audit Log: users accesses should be logged

globaleaks / globaleaks-whistleblowing-software

GlobaLeaks is a free and open-source whistleblowing software enabling anyone to easily set up and maintain a secure reporting platform.

https://www.globaleaks.org

Other

1.25k stars 274 forks source link

Audit Log: users accesses should be logged #862

Open evilaliv3 opened 10 years ago

evilaliv3 commented 10 years ago

Users accesses must be properly logged:

the currently identified information to log is:

username
success: True/False
User-Agent (properly size limited / sanitized)

in addition also the logging capability must be limited, i.e., the system must logs up to N entry per user with N configurable.

evilaliv3 commented 10 years ago

a good starting point has been provided by @giuscri in commit https://github.com/giuscri/GLBackend/commit/844f7a44c1c2027cdc5bab2cffbfd3e165a98114

currently(https://github.com/globaleaks/GLBackend/commit/553fa9b9101a4147f5ed241db1403f27d9ee121a) i've added:

logging also for admin
implemented the configurable logging limit (with a default of 10 logs per use)

all is tracked by branch: feature/access_log

fpietrosanti commented 10 years ago

Are the last success/failure access log displayed to the end-user (being the whistleblower,receiver or admin) so that the end-user know if something wrong is happening?

evilaliv3 commented 10 years ago

currently not. currently the giuscry patch simply logs the success/failure attempts but there is not glbackend API to access this data.

imoho, it's better to postpone the integration of this branch in a next release in order to give @giuscry a relaxed time to hack on globaleaks.

evilaliv3 commented 3 years ago

Current audit log implementation is tracking user access and failures: https://github.com/globaleaks/GlobaLeaks/issues/2579

The log still miss to track the user agent and the ip of the user.