diff options
author | Byron Jones <glob@mozilla.com> | 2015-07-23 06:24:32 +0200 |
---|---|---|
committer | Byron Jones <glob@mozilla.com> | 2015-07-23 06:24:32 +0200 |
commit | e497100c07aa95e315c4c881d54cb88e57675e80 (patch) | |
tree | 4a1ac7448dfc1e0c7a5d8dc7352b7f5931eec36f | |
parent | 5f8b7d80c6d390d6eb135f8d8bb9f8662524a24b (diff) | |
download | bugzilla-e497100c07aa95e315c4c881d54cb88e57675e80.tar.gz bugzilla-e497100c07aa95e315c4c881d54cb88e57675e80.tar.xz |
Bug 1185823 - add additional [audit] syslog entries
-rw-r--r-- | Bugzilla.pm | 19 | ||||
-rw-r--r-- | Bugzilla/Auth.pm | 1 | ||||
-rw-r--r-- | Bugzilla/Bug.pm | 6 | ||||
-rw-r--r-- | Bugzilla/User.pm | 13 | ||||
-rw-r--r-- | extensions/AntiSpam/Extension.pm | 26 | ||||
-rw-r--r-- | extensions/BMO/Extension.pm | 7 |
6 files changed, 39 insertions, 33 deletions
diff --git a/Bugzilla.pm b/Bugzilla.pm index afaf77395..8a0ff2fd7 100644 --- a/Bugzilla.pm +++ b/Bugzilla.pm @@ -59,11 +59,13 @@ use Bugzilla::Metrics::Collector; use Bugzilla::Metrics::Template; use Bugzilla::Metrics::Memcached; +use Date::Parse; +use DateTime::TimeZone; +use Encode; use File::Basename; use File::Spec::Functions; -use DateTime::TimeZone; -use Date::Parse; use Safe; +use Sys::Syslog qw(:DEFAULT); ##################################################################### # Constants @@ -659,6 +661,14 @@ sub local_timezone { ||= DateTime::TimeZone->new(name => 'local'); } +# Send messages to syslog for the auditing systems (eg. mozdef) to pick up. +sub audit { + my ($class, $message) = @_; + openlog('apache', 'cons,pid', 'local4'); + syslog('notice', '[audit] ' . encode_utf8($message)); + closelog(); +} + # This creates the request cache for non-mod_perl installations. # This is identical to Install::Util::_cache so that things loaded # into Install::Util::_cache during installation can be read out @@ -1047,6 +1057,10 @@ this Bugzilla installation. Tells you whether or not a specific feature is enabled. For names of features, see C<OPTIONAL_MODULES> in C<Bugzilla::Install::Requirements>. +=item C<audit> + +Feeds the provided message into our centralised auditing system. + =back =head1 B<CACHING> @@ -1126,4 +1140,3 @@ information. =back =back - diff --git a/Bugzilla/Auth.pm b/Bugzilla/Auth.pm index e9bd214fd..81b972ac5 100644 --- a/Bugzilla/Auth.pm +++ b/Bugzilla/Auth.pm @@ -243,6 +243,7 @@ sub _handle_login_result { $template->process('email/lockout.txt.tmpl', $vars, \$message) || ThrowTemplateError($template->error); MessageToMTA($message); + Bugzilla->audit(sprintf('<%s> triggered lockout of %s after %s attempts', $address, $user, $attempts)); } $unlock_at->set_time_zone($user->timezone); diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm index 042f9c801..76b845f71 100644 --- a/Bugzilla/Bug.pm +++ b/Bugzilla/Bug.pm @@ -1028,6 +1028,12 @@ sub update { my @added_names = map { $new_groups{$_}->name } @$added_gr; $changes->{'bug_group'} = [join(', ', @removed_names), join(', ', @added_names)]; + + # we only audit when bugs protected with a secure-mail enabled group + # are made public + if (!scalar @{ $self->groups_in } && any { $old_groups{$_}->secure_mail } @$removed_gr) { + Bugzilla->audit(sprintf('%s made Bug %s public (%s)', $user->login, $self->id, $self->short_desc)); + } } # Comments and comment tags diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm index d72009629..b2f913266 100644 --- a/Bugzilla/User.pm +++ b/Bugzilla/User.pm @@ -182,6 +182,7 @@ sub _update_groups { my $group_changes = shift; my $changes = shift; my $dbh = Bugzilla->dbh; + my $user = Bugzilla->user; # Update group settings. my $sth_add_mapping = $dbh->prepare( @@ -203,14 +204,12 @@ sub _update_groups { my ($removed, $added) = @{$group_changes->{$is_bless}}; foreach my $group (@$removed) { - $sth_remove_mapping->execute( - $self->id, $group->id, $is_bless, GRANT_DIRECT - ); + $sth_remove_mapping->execute($self->id, $group->id, $is_bless, GRANT_DIRECT); + Bugzilla->audit(sprintf('%s <%s> removed group %s from %s', $user->login, remote_ip(), $group->name, $self->login)); } foreach my $group (@$added) { - $sth_add_mapping->execute( - $self->id, $group->id, $is_bless, GRANT_DIRECT - ); + $sth_add_mapping->execute($self->id, $group->id, $is_bless, GRANT_DIRECT); + Bugzilla->audit(sprintf('%s <%s> added group %s from %s', $user->login, remote_ip(), $group->name, $self->login)); } if (! $is_bless) { @@ -222,7 +221,7 @@ sub _update_groups { $dbh->do( $query, undef, - $self->id, Bugzilla->user->id, + $self->id, $user->id, get_field_id('bug_group'), join(', ', map { $_->name } @$removed), join(', ', map { $_->name } @$added) diff --git a/extensions/AntiSpam/Extension.pm b/extensions/AntiSpam/Extension.pm index 7e1823346..2abba291d 100644 --- a/extensions/AntiSpam/Extension.pm +++ b/extensions/AntiSpam/Extension.pm @@ -16,9 +16,7 @@ use Bugzilla::Error; use Bugzilla::Group; use Bugzilla::Util qw(remote_ip trick_taint); use Email::Address; -use Encode; use Socket; -use Sys::Syslog qw(:DEFAULT setlogsock); our $VERSION = '1'; @@ -39,7 +37,7 @@ sub _project_honeypot_blocking { return if $status != 127 || $threat < Bugzilla->params->{honeypot_threat_threshold}; - _syslog(sprintf("[audit] blocked <%s> from creating %s, honeypot %s", $ip, $login, $honeypot)); + Bugzilla->audit(sprintf("blocked <%s> from creating %s, honeypot %s", $ip, $login, $honeypot)); ThrowUserError('account_creation_restricted'); } @@ -73,6 +71,7 @@ sub _comment_blocking { my $regex = '\b(?:' . join('|', map { quotemeta } @$blocklist) . ')\b'; if ($params->{thetext} =~ /$regex/i) { + Bugzilla->audit(sprintf("blocked <%s> %s from commenting, blacklisted phrase", remote_ip(), $user->login)); ThrowUserError('antispam_comment_blocked'); } } @@ -90,7 +89,7 @@ sub _domain_blocking { $address->host ); if ($blocked) { - _syslog(sprintf("[audit] blocked <%s> from creating %s, blacklisted domain", remote_ip(), $login)); + Bugzilla->audit(sprintf("blocked <%s> from creating %s, blacklisted domain", remote_ip(), $login)); ThrowUserError('account_creation_restricted'); } } @@ -109,7 +108,7 @@ sub _ip_blocking { $ip ); if ($blocked) { - _syslog(sprintf("[audit] blocked <%s> from creating %s, blacklisted IP", $ip, $login)); + Bugzilla->audit(sprintf("blocked <%s> from creating %s, blacklisted IP", $ip, $login)); ThrowUserError('account_creation_restricted'); } } @@ -139,7 +138,7 @@ sub _cc_limit { my $cc_count = ref($params->{$cc_field}) ? scalar(@{ $params->{$cc_field} }) : 1; if ($cc_count > Bugzilla->params->{antispam_multi_user_limit_count}) { - _syslog(sprintf("[audit] blocked <%s> from CC'ing %s users", Bugzilla->user->login, $cc_count)); + Bugzilla->audit(sprintf("blocked <%s> from CC'ing %s users", Bugzilla->user->login, $cc_count)); delete $params->{$cc_field}; if (exists $params->{cc} && exists $params->{cc}->{add}) { delete $params->{cc}->{add}; @@ -153,7 +152,7 @@ sub bug_set_flags { my $flag_count = @{ $args->{new_flags} }; if ($flag_count > Bugzilla->params->{antispam_multi_user_limit_count}) { - _syslog(sprintf("[audit] blocked <%s> from flaging %s users", Bugzilla->user->login, $flag_count)); + Bugzilla->audit(sprintf("blocked <%s> from flaging %s users", Bugzilla->user->login, $flag_count)); # empty the arrayref $#{ $args->{new_flags} } = -1; } @@ -230,7 +229,7 @@ sub comment_after_add_tag { ); $author->set_disable_mail(1); $author->update(); - _syslog(sprintf("[audit] antispam disabled <%s>: %s", $author->login, $reason)); + Bugzilla->audit(sprintf("antispam disabled <%s>: %s", $author->login, $reason)); } } @@ -369,15 +368,4 @@ sub db_schema_abstract_schema { }; } -# -# utilities -# - -sub _syslog { - my $message = shift; - openlog('apache', 'cons,pid', 'local4'); - syslog('notice', encode_utf8($message)); - closelog(); -} - __PACKAGE__->NAME; diff --git a/extensions/BMO/Extension.pm b/extensions/BMO/Extension.pm index 3d46ead6b..ccf079b06 100644 --- a/extensions/BMO/Extension.pm +++ b/extensions/BMO/Extension.pm @@ -49,7 +49,7 @@ use File::MimeInfo::Magic; use List::MoreUtils qw(natatime any); use List::Util qw(first); use Scalar::Util qw(blessed); -use Sys::Syslog qw(:DEFAULT setlogsock); +use Sys::Syslog qw(:DEFAULT); use Text::Balanced qw( extract_bracketed extract_multiple ); use Bugzilla::Extension::BMO::Constants; @@ -741,7 +741,7 @@ sub object_end_of_create { my $user = $args->{object}; # Log real IP addresses for auditing - _syslog(sprintf('[audit] <%s> created user %s', remote_ip(), $user->login)); + Bugzilla->audit(sprintf('<%s> created user %s', remote_ip(), $user->login)); # Add default searches to new user's footer my $dbh = Bugzilla->dbh; @@ -762,8 +762,7 @@ sub object_end_of_create { } elsif ($class eq 'Bugzilla::Bug') { # Log real IP addresses for auditing - _syslog(sprintf('[audit] %s <%s> created bug %s', - Bugzilla->user->login, remote_ip(), $args->{object}->id)); + Bugzilla->audit(sprintf('%s <%s> created bug %s', Bugzilla->user->login, remote_ip(), $args->{object}->id)); } } |