Add auditing to local syslog from PVC client
This ensures that any client command is logged by the local system. Helps ensure Accounting for users of the CLI. Currently logs the full command executed along with the $USER environment variable contents.
This commit is contained in:
parent
c776aba8b3
commit
d68f6a945e
|
|
@ -28,8 +28,11 @@ import time
|
|||
import colorama
|
||||
import yaml
|
||||
import json
|
||||
import syslog
|
||||
import lxml.etree as etree
|
||||
|
||||
from sys import argv
|
||||
|
||||
from distutils.util import strtobool
|
||||
|
||||
from functools import wraps
|
||||
|
|
@ -51,6 +54,22 @@ default_store_data = {"cfgfile": "/etc/pvc/pvcapid.yaml"}
|
|||
config = dict()
|
||||
|
||||
|
||||
#
|
||||
# Audit function
|
||||
#
|
||||
def audit():
|
||||
args = argv
|
||||
args[0] = "pvc"
|
||||
syslog.openlog(facility=syslog.LOG_AUTH)
|
||||
syslog.syslog(
|
||||
'client audit: command "{}" by user "{}"'.format(
|
||||
" ".join(args),
|
||||
os.environ.get("USER", None),
|
||||
)
|
||||
)
|
||||
syslog.closelog()
|
||||
|
||||
|
||||
#
|
||||
# Version function
|
||||
#
|
||||
|
|
@ -5702,6 +5721,8 @@ def cli(_cluster, _debug, _quiet, _unsafe, _colour):
|
|||
)
|
||||
echo("", err=True)
|
||||
|
||||
audit()
|
||||
|
||||
|
||||
#
|
||||
# Click command tree
|
||||
|
|
|
|||
Loading…
Reference in New Issue