Add auditing to local syslog from PVC client

This ensures that any client command is logged by the local system.
Helps ensure Accounting for users of the CLI. Currently logs the full
command executed along with the $USER environment variable contents.
This commit is contained in:
Joshua Boniface 2021-12-10 16:17:33 -05:00
parent 6ccd19e636
commit 3ce4d90693
1 changed files with 21 additions and 0 deletions

View File

@ -28,8 +28,11 @@ import time
import colorama import colorama
import yaml import yaml
import json import json
import syslog
import lxml.etree as etree import lxml.etree as etree
from sys import argv
from distutils.util import strtobool from distutils.util import strtobool
from functools import wraps from functools import wraps
@ -51,6 +54,22 @@ default_store_data = {"cfgfile": "/etc/pvc/pvcapid.yaml"}
config = dict() config = dict()
#
# Audit function
#
def audit():
args = argv
args[0] = "pvc"
syslog.openlog(facility=syslog.LOG_AUTH)
syslog.syslog(
'client audit: command "{}" by user "{}"'.format(
" ".join(args),
os.environ.get("USER", None),
)
)
syslog.closelog()
# #
# Version function # Version function
# #
@ -5702,6 +5721,8 @@ def cli(_cluster, _debug, _quiet, _unsafe, _colour):
) )
echo("", err=True) echo("", err=True)
audit()
# #
# Click command tree # Click command tree