Add auditing to local syslog from PVC client
This ensures that any client command is logged by the local system. Helps ensure Accounting for users of the CLI. Currently logs the full command executed along with the $USER environment variable contents.
This commit is contained in:
parent
6ccd19e636
commit
3ce4d90693
|
@ -28,8 +28,11 @@ import time
|
||||||
import colorama
|
import colorama
|
||||||
import yaml
|
import yaml
|
||||||
import json
|
import json
|
||||||
|
import syslog
|
||||||
import lxml.etree as etree
|
import lxml.etree as etree
|
||||||
|
|
||||||
|
from sys import argv
|
||||||
|
|
||||||
from distutils.util import strtobool
|
from distutils.util import strtobool
|
||||||
|
|
||||||
from functools import wraps
|
from functools import wraps
|
||||||
|
@ -51,6 +54,22 @@ default_store_data = {"cfgfile": "/etc/pvc/pvcapid.yaml"}
|
||||||
config = dict()
|
config = dict()
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# Audit function
|
||||||
|
#
|
||||||
|
def audit():
|
||||||
|
args = argv
|
||||||
|
args[0] = "pvc"
|
||||||
|
syslog.openlog(facility=syslog.LOG_AUTH)
|
||||||
|
syslog.syslog(
|
||||||
|
'client audit: command "{}" by user "{}"'.format(
|
||||||
|
" ".join(args),
|
||||||
|
os.environ.get("USER", None),
|
||||||
|
)
|
||||||
|
)
|
||||||
|
syslog.closelog()
|
||||||
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# Version function
|
# Version function
|
||||||
#
|
#
|
||||||
|
@ -5702,6 +5721,8 @@ def cli(_cluster, _debug, _quiet, _unsafe, _colour):
|
||||||
)
|
)
|
||||||
echo("", err=True)
|
echo("", err=True)
|
||||||
|
|
||||||
|
audit()
|
||||||
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# Click command tree
|
# Click command tree
|
||||||
|
|
Loading…
Reference in New Issue