Commit Graph

38 Commits

Author SHA1 Message Date
Brian Kassouf b38eeec96a Add write deadline and a Reload function 2017-02-02 15:44:56 -08:00
Harrison Harnisch b09077c2d8 add socket audit backend 2017-02-02 14:21:48 -08:00
Brian Kassouf 6701ba8a10 Configure the request headers that are output to the audit log (#2321)
* Add /sys/config/audited-headers endpoint for configuring the headers that will be audited

* Remove some debug lines

* Add a persistant layer and refactor a bit

* update the api endpoints to be more restful

* Add comments and clean up a few functions

* Remove unneeded hash structure functionaility

* Fix existing tests

* Add tests

* Add test for Applying the header config

* Add Benchmark for the ApplyConfig method

* ResetTimer on the benchmark:

* Update the headers comment

* Add test for audit broker

* Use hyphens instead of camel case

* Add size paramater to the allocation of the result map

* Fix the tests for the audit broker

* PR feedback

* update the path and permissions on config/* paths

* Add docs file

* Fix TestSystemBackend_RootPaths test
2017-02-02 11:49:20 -08:00
Brian Nuszkowski db5e0bb3c3 Minor cleanup in audit backend (#2194) 2016-12-19 15:35:55 -05:00
Laura Bennett 0da9d1ac0c test updates to address feedback 2016-10-10 12:58:30 -04:00
Laura Bennett 962a383bfb address latest feedback 2016-10-10 11:58:26 -04:00
Laura Bennett 290ccee990 minor fix 2016-10-10 10:05:36 -04:00
Laura Bennett 9fc5a37e84 address feedback 2016-10-09 22:23:30 -04:00
Laura Bennett 05519a1267 adding unit tests for file mode 2016-10-09 00:33:24 -04:00
Laura Bennett 1b8d12fe82 changes for 'mode' 2016-10-08 19:52:49 -04:00
Laura Bennett 60ceea5532 initial commit for adding audit file permission changes 2016-10-07 15:09:32 -04:00
Jeff Mitchell 6d00f0c483 Adds HUP support for audit log files to close and reopen. (#1953)
Adds HUP support for audit log files to close and reopen. This makes it
much easier to deal with normal log rotation methods.

As part of testing this I noticed that HUP and other items that come out
of command/server.go are going to stderr, which is where our normal log
lines go. This isn't so much problematic with our normal output but as
we officially move to supporting other formats this can cause
interleaving issues, so I moved those to stdout instead.
2016-09-30 12:04:50 -07:00
Jeff Mitchell 0ff76e16d2 Transit and audit enhancements 2016-09-21 10:49:26 -04:00
Jeff Mitchell 638e61192a Actually show the error occurring if a file audit log can't be opened 2016-08-15 16:26:36 -04:00
Jeff Mitchell e925987cb6 Add token accessor to wrap information if one exists 2016-06-13 23:58:17 +00:00
vishalnayak 39a0c8e91f Read from 'path' to retain backward compatibility 2016-03-15 20:05:51 -04:00
vishalnayak 71fc07833f Rename id to path and path to file_path, print audit backend paths 2016-03-14 17:15:07 -04:00
Jeff Mitchell 9bfd24cd69 s/hash_accessor/hmac_accessor/g 2016-03-14 14:52:29 -04:00
vishalnayak ea108fba18 Use accessor being set as the condition to restore non-hashed values 2016-03-14 11:23:30 -04:00
vishalnayak e09819fedc Added hash_accessor option to audit backends 2016-03-11 19:28:06 -05:00
Jeff Mitchell 1c7157e632 Reintroduce the ability to look up obfuscated values in the audit log
with a new endpoint '/sys/audit-hash', which returns the given input
string hashed with the given audit backend's hash function and salt
(currently, always HMAC-SHA256 and a backend-specific salt).

In the process of adding the HTTP handler, this also removes the custom
HTTP handlers for the other audit endpoints, which were simply
forwarding to the logical system backend. This means that the various
audit functions will now redirect correctly from a standby to master.
(Tests all pass.)

Fixes #784
2015-11-18 20:26:03 -05:00
Jeff Mitchell 80705b7963 If we fail to open a file path, show which it is in the error output 2015-10-30 14:30:21 -04:00
Jeff Mitchell 5dde76fa1c Expand HMAC support in Salt; require an identifier be passed in to specify type but allow generation with and without. Add a StaticSalt ID for testing functions. Fix bugs; unit tests pass. 2015-09-18 17:38:30 -04:00
Jeff Mitchell b655f6b858 Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash. 2015-09-18 17:38:22 -04:00
Jeff Mitchell 2098446d47 Ensure that the 'file' audit backend can successfully open its given path before returning success. Fixes #550. 2015-08-26 09:13:10 -07:00
Armon Dadgar 96d6455ef5 audit: properly restore TLS state 2015-07-08 16:45:15 -06:00
Armon Dadgar 12d3aee58e audit: fixing panic caused by tls connection state. Fixes #322 2015-06-29 17:16:17 -07:00
Nate Brown 4ec685dc1a Logging authentication errors and bad token usage 2015-06-18 18:30:18 -07:00
Armon Dadgar b07d0bc56f audit/file: Create file if it does not exist. Fixes #148 2015-05-06 11:33:06 -07:00
Armon Dadgar 848433a355 audit/file: add log_raw parameter and default to hashing 2015-04-27 15:56:41 -07:00
Armon Dadgar f01e14351a audit/syslog: switch defaults 2015-04-27 15:56:41 -07:00
Armon Dadgar de7a81a8fb audit/syslog: Copy structure before hashing to avoid breaking result 2015-04-27 15:56:40 -07:00
Armon Dadgar 1b659d41ff audit/syslog: Hash everything by default, optionally disable 2015-04-27 15:56:40 -07:00
Armon Dadgar bb1dd509d7 audit/syslog: first pass 2015-04-27 15:56:40 -07:00
Armon Dadgar 27c73da308 audit/file: Attempt to create directory path. Fixes #38 2015-04-27 12:40:32 -07:00
Mitchell Hashimoto ee2b113831 audit/file: append 2015-04-19 22:43:39 -07:00
Mitchell Hashimoto ef95d9a10e audit/file: use JSON formatter to write output 2015-04-13 14:12:14 -07:00
Mitchell Hashimoto 8bfa12297d builtin/audit: add file audit 2015-04-04 18:10:25 -07:00