Add basic audit component to logger

Logs already: - Share events - Authentication events - User management events - File action events
author: Lukas Reschke <lukas@owncloud.com> 2016-06-08 15:25:44 +0200
committer: Lukas Reschke <lukas@owncloud.com> 2016-06-10 15:44:27 +0200
commit: c2571cca41ac97103531a900498cb7c6d3cd9b23 (patch)
tree: 734766ba2908ca02390d5944d1ff53227fe13ff4 /apps/admin_audit/appinfo
parent: 6c69cdf860b198d8953f6532d0363945370ddafd (diff)
download: nextcloud-server-c2571cca41ac97103531a900498cb7c6d3cd9b23.tar.gz
nextcloud-server-c2571cca41ac97103531a900498cb7c6d3cd9b23.zip
2 files changed, 160 insertions, 0 deletions
diff --git a/apps/admin_audit/appinfo/app.php b/apps/admin_audit/appinfo/app.php
new file mode 100644
index 00000000000..4418ada2ed0
--- /dev/null
+++ b/apps/admin_audit/appinfo/app.php
@@ -0,0 +1,142 @@
+<?php
+/**
+ * @author Lukas Reschke <lukas@statuscode.ch>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+$logger = \OC::$server->getLogger();
+
+logUserManagement(
+	$logger,
+	\OC::$server->getUserSession()
+);
+logFileActions($logger);
+logAuthEvents($logger);
+logShareEvents($logger);
+
+/**
+ * Logs sharing events
+ *
+ * @param \OCP\ILogger $logger
+ */
+function logShareEvents($logger) {
+	$shareActions = new \OCA\Admin_Audit\Actions\Sharing(
+		$logger
+	);
+
+	OCP\Util::connectHook('OCP\Share', 'post_shared', $shareActions, 'shared');
+	OCP\Util::connectHook('OCP\Share', 'post_unshare', $shareActions, 'unshare');
+	OCP\Util::connectHook('OCP\Share', 'post_update_permissions', $shareActions, 'updatePermissions');
+	OCP\Util::connectHook('OCP\Share', 'post_update_password', $shareActions, 'updatePassword');
+	OCP\Util::connectHook('OCP\Share', 'post_set_expiration_date', $shareActions, 'updateExpirationDate');
+	OCP\Util::connectHook('OCP\Share', 'share_link_access', $shareActions, 'shareAccessed');
+}
+
+/**
+ * Log authentication event related actions
+ *
+ * @param \OCP\ILogger $logger
+ */
+function logAuthEvents($logger) {
+	$authActions = new \OCA\Admin_Audit\Actions\Auth(
+		$logger
+	);
+	OCP\Util::connectHook('OC_User', 'pre_login', $authActions, 'loginAttempt');
+	OCP\Util::connectHook('OC_User', 'post_login', $authActions, 'loginSuccessful');
+	OCP\Util::connectHook('OC_User', 'logout', $authActions, 'logout');
+}
+
+/**
+ * Log user management related actions
+ *
+ * @param \OCP\ILogger $logger
+ * @param \OC\User\Session $userSession
+ */
+function logUserManagement($logger, $userSession) {
+	$userActions = new \OCA\Admin_Audit\Actions\UserManagement(
+		$logger
+	);
+
+	OCP\Util::connectHook(
+		'OC_User',
+		'post_createUser',
+		$userActions,
+		'create'
+	);
+	OCP\Util::connectHook(
+		'OC_User',
+		'post_deleteUser',
+		$userActions,
+		'delete'
+	);
+	$userSession->listen('\OC\User', 'postSetPassword', [$userActions, 'setPassword']);
+}
+
+/**
+ * Log file related actions
+ *
+ * @param \OCP\ILogger $logger
+ */
+function logFileActions($logger) {
+	$fileActions = new \OCA\Admin_Audit\Actions\Files(
+		$logger
+	);
+
+	OCP\Util::connectHook(
+		OC\Files\Filesystem::CLASSNAME,
+		OC\Files\Filesystem::signal_post_rename,
+		$fileActions,
+		'rename'
+	);
+	OCP\Util::connectHook(
+		OC\Files\Filesystem::CLASSNAME,
+		OC\Files\Filesystem::signal_post_create,
+		$fileActions,
+		'create'
+	);
+	OCP\Util::connectHook(
+		OC\Files\Filesystem::CLASSNAME,
+		OC\Files\Filesystem::signal_post_copy,
+		$fileActions,
+		'copy'
+	);
+	OCP\Util::connectHook(
+		OC\Files\Filesystem::CLASSNAME,
+		OC\Files\Filesystem::signal_post_write,
+		$fileActions,
+		'write'
+	);
+	OCP\Util::connectHook(
+		OC\Files\Filesystem::CLASSNAME,
+		OC\Files\Filesystem::signal_post_update,
+		$fileActions,
+		'update'
+	);
+	OCP\Util::connectHook(
+		OC\Files\Filesystem::CLASSNAME,
+		OC\Files\Filesystem::signal_read,
+		$fileActions,
+		'read'
+	);
+	OCP\Util::connectHook(
+		OC\Files\Filesystem::CLASSNAME,
+		OC\Files\Filesystem::signal_delete,
+		$fileActions,
+		'delete'
+	);
+}
diff --git a/apps/admin_audit/appinfo/info.xml b/apps/admin_audit/appinfo/info.xml
new file mode 100644
index 00000000000..74fc880c881
--- /dev/null
+++ b/apps/admin_audit/appinfo/info.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0"?>
+<info>
+	<id>admin_audit</id>
+	<name>Auditing / Logging</name>
+	<description>Provides logging abilities for Nextcloud such as logging file
+				accesses or otherwise sensitive actions.
+	</description>
+	<licence>AGPL</licence>
+	<author>Nextcloud</author>
+	<version>1.0.0</version>
+	<dependencies>
+		<owncloud min-version="9.0" max-version="9.1" />
+	</dependencies>
+	<types>
+		<logging/>
+	</types>
+	<default_enable/>
+</info>
author	Lukas Reschke <lukas@owncloud.com>	2016-06-08 15:25:44 +0200
committer	Lukas Reschke <lukas@owncloud.com>	2016-06-10 15:44:27 +0200
commit	c2571cca41ac97103531a900498cb7c6d3cd9b23 (patch)
tree	734766ba2908ca02390d5944d1ff53227fe13ff4 /apps/admin_audit/appinfo
parent	6c69cdf860b198d8953f6532d0363945370ddafd (diff)
download	nextcloud-server-c2571cca41ac97103531a900498cb7c6d3cd9b23.tar.gz nextcloud-server-c2571cca41ac97103531a900498cb7c6d3cd9b23.zip