summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Bugzilla.pm19
-rw-r--r--Bugzilla/Auth.pm1
-rw-r--r--Bugzilla/Bug.pm6
-rw-r--r--Bugzilla/User.pm13
-rw-r--r--extensions/AntiSpam/Extension.pm26
-rw-r--r--extensions/BMO/Extension.pm7
6 files changed, 39 insertions, 33 deletions
diff --git a/Bugzilla.pm b/Bugzilla.pm
index afaf77395..8a0ff2fd7 100644
--- a/Bugzilla.pm
+++ b/Bugzilla.pm
@@ -59,11 +59,13 @@ use Bugzilla::Metrics::Collector;
use Bugzilla::Metrics::Template;
use Bugzilla::Metrics::Memcached;
+use Date::Parse;
+use DateTime::TimeZone;
+use Encode;
use File::Basename;
use File::Spec::Functions;
-use DateTime::TimeZone;
-use Date::Parse;
use Safe;
+use Sys::Syslog qw(:DEFAULT);
#####################################################################
# Constants
@@ -659,6 +661,14 @@ sub local_timezone {
||= DateTime::TimeZone->new(name => 'local');
}
+# Send messages to syslog for the auditing systems (eg. mozdef) to pick up.
+sub audit {
+ my ($class, $message) = @_;
+ openlog('apache', 'cons,pid', 'local4');
+ syslog('notice', '[audit] ' . encode_utf8($message));
+ closelog();
+}
+
# This creates the request cache for non-mod_perl installations.
# This is identical to Install::Util::_cache so that things loaded
# into Install::Util::_cache during installation can be read out
@@ -1047,6 +1057,10 @@ this Bugzilla installation.
Tells you whether or not a specific feature is enabled. For names
of features, see C<OPTIONAL_MODULES> in C<Bugzilla::Install::Requirements>.
+=item C<audit>
+
+Feeds the provided message into our centralised auditing system.
+
=back
=head1 B<CACHING>
@@ -1126,4 +1140,3 @@ information.
=back
=back
-
diff --git a/Bugzilla/Auth.pm b/Bugzilla/Auth.pm
index e9bd214fd..81b972ac5 100644
--- a/Bugzilla/Auth.pm
+++ b/Bugzilla/Auth.pm
@@ -243,6 +243,7 @@ sub _handle_login_result {
$template->process('email/lockout.txt.tmpl', $vars, \$message)
|| ThrowTemplateError($template->error);
MessageToMTA($message);
+ Bugzilla->audit(sprintf('<%s> triggered lockout of %s after %s attempts', $address, $user, $attempts));
}
$unlock_at->set_time_zone($user->timezone);
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm
index 042f9c801..76b845f71 100644
--- a/Bugzilla/Bug.pm
+++ b/Bugzilla/Bug.pm
@@ -1028,6 +1028,12 @@ sub update {
my @added_names = map { $new_groups{$_}->name } @$added_gr;
$changes->{'bug_group'} = [join(', ', @removed_names),
join(', ', @added_names)];
+
+ # we only audit when bugs protected with a secure-mail enabled group
+ # are made public
+ if (!scalar @{ $self->groups_in } && any { $old_groups{$_}->secure_mail } @$removed_gr) {
+ Bugzilla->audit(sprintf('%s made Bug %s public (%s)', $user->login, $self->id, $self->short_desc));
+ }
}
# Comments and comment tags
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index d72009629..b2f913266 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -182,6 +182,7 @@ sub _update_groups {
my $group_changes = shift;
my $changes = shift;
my $dbh = Bugzilla->dbh;
+ my $user = Bugzilla->user;
# Update group settings.
my $sth_add_mapping = $dbh->prepare(
@@ -203,14 +204,12 @@ sub _update_groups {
my ($removed, $added) = @{$group_changes->{$is_bless}};
foreach my $group (@$removed) {
- $sth_remove_mapping->execute(
- $self->id, $group->id, $is_bless, GRANT_DIRECT
- );
+ $sth_remove_mapping->execute($self->id, $group->id, $is_bless, GRANT_DIRECT);
+ Bugzilla->audit(sprintf('%s <%s> removed group %s from %s', $user->login, remote_ip(), $group->name, $self->login));
}
foreach my $group (@$added) {
- $sth_add_mapping->execute(
- $self->id, $group->id, $is_bless, GRANT_DIRECT
- );
+ $sth_add_mapping->execute($self->id, $group->id, $is_bless, GRANT_DIRECT);
+ Bugzilla->audit(sprintf('%s <%s> added group %s from %s', $user->login, remote_ip(), $group->name, $self->login));
}
if (! $is_bless) {
@@ -222,7 +221,7 @@ sub _update_groups {
$dbh->do(
$query, undef,
- $self->id, Bugzilla->user->id,
+ $self->id, $user->id,
get_field_id('bug_group'),
join(', ', map { $_->name } @$removed),
join(', ', map { $_->name } @$added)
diff --git a/extensions/AntiSpam/Extension.pm b/extensions/AntiSpam/Extension.pm
index 7e1823346..2abba291d 100644
--- a/extensions/AntiSpam/Extension.pm
+++ b/extensions/AntiSpam/Extension.pm
@@ -16,9 +16,7 @@ use Bugzilla::Error;
use Bugzilla::Group;
use Bugzilla::Util qw(remote_ip trick_taint);
use Email::Address;
-use Encode;
use Socket;
-use Sys::Syslog qw(:DEFAULT setlogsock);
our $VERSION = '1';
@@ -39,7 +37,7 @@ sub _project_honeypot_blocking {
return if $status != 127
|| $threat < Bugzilla->params->{honeypot_threat_threshold};
- _syslog(sprintf("[audit] blocked <%s> from creating %s, honeypot %s", $ip, $login, $honeypot));
+ Bugzilla->audit(sprintf("blocked <%s> from creating %s, honeypot %s", $ip, $login, $honeypot));
ThrowUserError('account_creation_restricted');
}
@@ -73,6 +71,7 @@ sub _comment_blocking {
my $regex = '\b(?:' . join('|', map { quotemeta } @$blocklist) . ')\b';
if ($params->{thetext} =~ /$regex/i) {
+ Bugzilla->audit(sprintf("blocked <%s> %s from commenting, blacklisted phrase", remote_ip(), $user->login));
ThrowUserError('antispam_comment_blocked');
}
}
@@ -90,7 +89,7 @@ sub _domain_blocking {
$address->host
);
if ($blocked) {
- _syslog(sprintf("[audit] blocked <%s> from creating %s, blacklisted domain", remote_ip(), $login));
+ Bugzilla->audit(sprintf("blocked <%s> from creating %s, blacklisted domain", remote_ip(), $login));
ThrowUserError('account_creation_restricted');
}
}
@@ -109,7 +108,7 @@ sub _ip_blocking {
$ip
);
if ($blocked) {
- _syslog(sprintf("[audit] blocked <%s> from creating %s, blacklisted IP", $ip, $login));
+ Bugzilla->audit(sprintf("blocked <%s> from creating %s, blacklisted IP", $ip, $login));
ThrowUserError('account_creation_restricted');
}
}
@@ -139,7 +138,7 @@ sub _cc_limit {
my $cc_count = ref($params->{$cc_field}) ? scalar(@{ $params->{$cc_field} }) : 1;
if ($cc_count > Bugzilla->params->{antispam_multi_user_limit_count}) {
- _syslog(sprintf("[audit] blocked <%s> from CC'ing %s users", Bugzilla->user->login, $cc_count));
+ Bugzilla->audit(sprintf("blocked <%s> from CC'ing %s users", Bugzilla->user->login, $cc_count));
delete $params->{$cc_field};
if (exists $params->{cc} && exists $params->{cc}->{add}) {
delete $params->{cc}->{add};
@@ -153,7 +152,7 @@ sub bug_set_flags {
my $flag_count = @{ $args->{new_flags} };
if ($flag_count > Bugzilla->params->{antispam_multi_user_limit_count}) {
- _syslog(sprintf("[audit] blocked <%s> from flaging %s users", Bugzilla->user->login, $flag_count));
+ Bugzilla->audit(sprintf("blocked <%s> from flaging %s users", Bugzilla->user->login, $flag_count));
# empty the arrayref
$#{ $args->{new_flags} } = -1;
}
@@ -230,7 +229,7 @@ sub comment_after_add_tag {
);
$author->set_disable_mail(1);
$author->update();
- _syslog(sprintf("[audit] antispam disabled <%s>: %s", $author->login, $reason));
+ Bugzilla->audit(sprintf("antispam disabled <%s>: %s", $author->login, $reason));
}
}
@@ -369,15 +368,4 @@ sub db_schema_abstract_schema {
};
}
-#
-# utilities
-#
-
-sub _syslog {
- my $message = shift;
- openlog('apache', 'cons,pid', 'local4');
- syslog('notice', encode_utf8($message));
- closelog();
-}
-
__PACKAGE__->NAME;
diff --git a/extensions/BMO/Extension.pm b/extensions/BMO/Extension.pm
index 3d46ead6b..ccf079b06 100644
--- a/extensions/BMO/Extension.pm
+++ b/extensions/BMO/Extension.pm
@@ -49,7 +49,7 @@ use File::MimeInfo::Magic;
use List::MoreUtils qw(natatime any);
use List::Util qw(first);
use Scalar::Util qw(blessed);
-use Sys::Syslog qw(:DEFAULT setlogsock);
+use Sys::Syslog qw(:DEFAULT);
use Text::Balanced qw( extract_bracketed extract_multiple );
use Bugzilla::Extension::BMO::Constants;
@@ -741,7 +741,7 @@ sub object_end_of_create {
my $user = $args->{object};
# Log real IP addresses for auditing
- _syslog(sprintf('[audit] <%s> created user %s', remote_ip(), $user->login));
+ Bugzilla->audit(sprintf('<%s> created user %s', remote_ip(), $user->login));
# Add default searches to new user's footer
my $dbh = Bugzilla->dbh;
@@ -762,8 +762,7 @@ sub object_end_of_create {
} elsif ($class eq 'Bugzilla::Bug') {
# Log real IP addresses for auditing
- _syslog(sprintf('[audit] %s <%s> created bug %s',
- Bugzilla->user->login, remote_ip(), $args->{object}->id));
+ Bugzilla->audit(sprintf('%s <%s> created bug %s', Bugzilla->user->login, remote_ip(), $args->{object}->id));
}
}