mirror of https://github.com/MISP/MISP
Merge branch 'develop' of github.com:MISP/MISP into develop
commit
8267d80e15
|
@ -1523,16 +1523,16 @@ INSERT IGNORE INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `pe
|
|||
VALUES (2, 'Org Admin', NOW(), NOW(), 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 0);
|
||||
|
||||
INSERT IGNORE INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_publish_zmq`, `perm_publish_kafka`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`, `perm_regexp_access`, `perm_tagger`, `perm_site_admin`, `perm_template`, `perm_sharing_group`, `perm_tag_editor`, `perm_delegate`, `perm_sighting`, `perm_object_template`, `perm_decaying`, `default_role`)
|
||||
VALUES (3, 'User', NOW(), NOW(), 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1);
|
||||
VALUES (3, 'User', NOW(), NOW(), 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1);
|
||||
|
||||
INSERT IGNORE INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_publish_zmq`, `perm_publish_kafka`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`, `perm_regexp_access`, `perm_tagger`, `perm_site_admin`, `perm_template`, `perm_sharing_group`, `perm_tag_editor`, `perm_delegate`, `perm_sighting`, `perm_object_template`, `perm_decaying`, `default_role`)
|
||||
VALUES (4, 'Publisher', NOW(), NOW(), 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 0);
|
||||
VALUES (4, 'Publisher', NOW(), NOW(), 1, 1, 1, 1, 1, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 0);
|
||||
|
||||
INSERT IGNORE INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_publish_zmq`, `perm_publish_kafka`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`, `perm_regexp_access`, `perm_tagger`, `perm_site_admin`, `perm_template`, `perm_sharing_group`, `perm_tag_editor`, `perm_delegate`, `perm_sighting`, `perm_object_template`, `perm_decaying`, `default_role`)
|
||||
VALUES (5, 'Sync user', NOW(), NOW(), 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0);
|
||||
VALUES (5, 'Sync user', NOW(), NOW(), 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0);
|
||||
|
||||
INSERT IGNORE INTO `roles` (`id`, `name`, `created`, `modified`, `perm_add`, `perm_modify`, `perm_modify_org`, `perm_publish`, `perm_publish_zmq`, `perm_publish_kafka`, `perm_sync`, `perm_admin`, `perm_audit`, `perm_full`, `perm_auth`, `perm_regexp_access`, `perm_tagger`, `perm_site_admin`, `perm_template`, `perm_sharing_group`, `perm_tag_editor`, `perm_delegate`, `perm_sighting`, `perm_object_template`, `perm_decaying`, `default_role`)
|
||||
VALUES (6, 'Read Only', NOW(), NOW(), 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
|
||||
VALUES (6, 'Read Only', NOW(), NOW(), 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
|
||||
|
||||
-- --------------------------------------------------------
|
||||
|
||||
|
|
|
@ -384,7 +384,8 @@ class ACLComponent extends Component
|
|||
'event_index' => array('*'),
|
||||
'returnDates' => array('*'),
|
||||
'testForStolenAttributes' => array(),
|
||||
'pruneUpdateLogs' => array()
|
||||
'pruneUpdateLogs' => array(),
|
||||
'index' => array('perm_audit')
|
||||
),
|
||||
'auditLogs' => [
|
||||
'admin_index' => ['perm_audit'],
|
||||
|
|
|
@ -28,7 +28,7 @@ class LogsController extends AppController
|
|||
}
|
||||
}
|
||||
|
||||
public function admin_index()
|
||||
public function index()
|
||||
{
|
||||
$paramArray = array('id', 'title', 'created', 'model', 'model_id', 'action', 'user_id', 'change', 'email', 'org', 'description', 'ip');
|
||||
$filterData = array(
|
||||
|
@ -71,8 +71,15 @@ class LogsController extends AppController
|
|||
}
|
||||
}
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
// no filtering for SiteAdmin
|
||||
}
|
||||
else if (!$this->_isSiteAdmin() && $this->_isAdmin()) {
|
||||
// ORG admins can see their own org info
|
||||
$orgRestriction = $this->Auth->user('Organisation')['name'];
|
||||
$conditions['AND']['Log.org'] = $orgRestriction;
|
||||
$conditions['Log.org'] = $orgRestriction;
|
||||
} else {
|
||||
// users can see their own info
|
||||
$conditions['Log.email'] = $this->Auth->user('email');
|
||||
}
|
||||
$params = array(
|
||||
'conditions' => $conditions,
|
||||
|
@ -90,12 +97,18 @@ class LogsController extends AppController
|
|||
$this->set('isSearch', 0);
|
||||
$this->recursive = 0;
|
||||
$validFilters = $this->Log->logMeta;
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
if ($this->_isSiteAdmin()) {
|
||||
$validFilters = array_merge_recursive($validFilters, $this->Log->logMetaAdmin);
|
||||
}
|
||||
else if (!$this->_isSiteAdmin() && $this->_isAdmin()) {
|
||||
// ORG admins can see their own org info
|
||||
$orgRestriction = $this->Auth->user('Organisation')['name'];
|
||||
$conditions['Log.org'] = $orgRestriction;
|
||||
$this->paginate['conditions'] = $conditions;
|
||||
} else {
|
||||
$validFilters = array_merge_recursive($validFilters, $this->Log->logMetaAdmin);
|
||||
// users can see their own info
|
||||
$conditions['Log.email'] = $this->Auth->user('email');
|
||||
$this->paginate['conditions'] = $conditions;
|
||||
}
|
||||
if (isset($this->params['named']['filter']) && in_array($this->params['named']['filter'], array_keys($validFilters))) {
|
||||
$this->paginate['conditions']['Log.action'] = $validFilters[$this->params['named']['filter']]['values'];
|
||||
|
@ -112,6 +125,12 @@ class LogsController extends AppController
|
|||
}
|
||||
}
|
||||
|
||||
public function admin_index()
|
||||
{
|
||||
$this->view = 'index';
|
||||
$this->index();
|
||||
}
|
||||
|
||||
// Shows a minimalistic history for the currently selected event
|
||||
public function event_index($id, $org = null)
|
||||
{
|
||||
|
@ -313,7 +332,7 @@ class LogsController extends AppController
|
|||
}
|
||||
|
||||
// set the same view as the index page
|
||||
$this->render('admin_index');
|
||||
$this->render('index');
|
||||
}
|
||||
} else {
|
||||
// get from Session
|
||||
|
|
|
@ -83,7 +83,7 @@ class AppModel extends Model
|
|||
81 => false, 82 => false, 83 => false, 84 => false, 85 => false, 86 => false,
|
||||
87 => false, 88 => false, 89 => false, 90 => false, 91 => false, 92 => false,
|
||||
93 => false, 94 => false, 95 => true, 96 => false, 97 => true, 98 => false,
|
||||
99 => false, 100 => false, 101 => false
|
||||
99 => false, 100 => false, 101 => false, 102 => false
|
||||
);
|
||||
|
||||
const ADVANCED_UPDATES_DESCRIPTION = array(
|
||||
|
@ -1997,6 +1997,9 @@ class AppModel extends Model
|
|||
}
|
||||
}
|
||||
break;
|
||||
case 102:
|
||||
$sqlArray[] = "UPDATE roles SET perm_audit = 1;";
|
||||
break;
|
||||
default:
|
||||
return false;
|
||||
}
|
||||
|
|
|
@ -12,17 +12,19 @@ class Bruteforce extends AppModel
|
|||
$ip = $this->_remoteIp();
|
||||
$expire = Configure::check('SecureAuth.expire') ? Configure::read('SecureAuth.expire') : 300;
|
||||
$amount = Configure::check('SecureAuth.amount') ? Configure::read('SecureAuth.amount') : 5;
|
||||
$expire = time() + $expire;
|
||||
$expire = date('Y-m-d H:i:s', $expire);
|
||||
$expireTime = time() + $expire;
|
||||
$expireTime = date('Y-m-d H:i:s', $expireTime);
|
||||
$bruteforceEntry = array(
|
||||
'ip' => $ip,
|
||||
'username' => trim(strtolower($username)),
|
||||
'expire' => $expire
|
||||
'expire' => $expireTime
|
||||
);
|
||||
$this->save($bruteforceEntry);
|
||||
$title = 'Failed login attempt using username ' . $username . ' from IP: ' . $ip . '.';
|
||||
if ($this->isBlocklisted($username)) {
|
||||
$title .= 'This has tripped the bruteforce protection after ' . $amount . ' failed attempts. The user is now blocklisted for ' . $expire . ' seconds.';
|
||||
$change = 'This has tripped the bruteforce protection after ' . $amount . ' failed attempts. The user is now blocklisted for ' . $expire . ' seconds.';
|
||||
} else {
|
||||
$change = '';
|
||||
}
|
||||
$log = array(
|
||||
'org' => 'SYSTEM',
|
||||
|
@ -30,7 +32,8 @@ class Bruteforce extends AppModel
|
|||
'model_id' => 0,
|
||||
'email' => $username,
|
||||
'action' => 'login_fail',
|
||||
'title' => $title
|
||||
'title' => $title,
|
||||
'change' => $change
|
||||
);
|
||||
$this->Log->save($log);
|
||||
}
|
||||
|
|
|
@ -1093,25 +1093,29 @@ $divider = $this->element('/genericElements/SideMenu/side_menu_divider');
|
|||
|
||||
case 'logs':
|
||||
echo $this->element('/genericElements/SideMenu/side_menu_link', array(
|
||||
'url' => $baseurl . '/admin/logs/index',
|
||||
'url' => $baseurl . '/logs/index',
|
||||
'text' => __('Application Logs')
|
||||
));
|
||||
if (Configure::read('MISP.log_new_audit')) {
|
||||
if (Configure::read('MISP.log_new_audit') && $isAdmin) {
|
||||
echo $this->element('/genericElements/SideMenu/side_menu_link', array(
|
||||
'element_id' => 'listAuditLogs',
|
||||
'url' => $baseurl . '/admin/audit_logs/index',
|
||||
'text' => __('Audit Logs'),
|
||||
));
|
||||
}
|
||||
echo $this->element('/genericElements/SideMenu/side_menu_link', array(
|
||||
'element_id' => 'listAccessLogs',
|
||||
'url' => $baseurl . '/admin/access_logs/index',
|
||||
'text' => __('Access Logs'),
|
||||
));
|
||||
echo $this->element('/genericElements/SideMenu/side_menu_link', array(
|
||||
'url' => $baseurl . '/admin/logs/search',
|
||||
'text' => __('Search Logs')
|
||||
));
|
||||
if ($isSiteAdmin) {
|
||||
echo $this->element('/genericElements/SideMenu/side_menu_link', array(
|
||||
'element_id' => 'listAccessLogs',
|
||||
'url' => $baseurl . '/admin/access_logs/index',
|
||||
'text' => __('Access Logs'),
|
||||
));
|
||||
}
|
||||
if ($isAdmin) {
|
||||
echo $this->element('/genericElements/SideMenu/side_menu_link', array(
|
||||
'url' => $baseurl . '/admin/logs/search',
|
||||
'text' => __('Search Logs')
|
||||
));
|
||||
}
|
||||
break;
|
||||
|
||||
case 'threads':
|
||||
|
|
|
@ -487,20 +487,22 @@
|
|||
'children' => array(
|
||||
array(
|
||||
'text' => __('Application Logs'),
|
||||
'url' => $baseurl . '/admin/logs/index'
|
||||
'url' => $baseurl . '/logs/index'
|
||||
),
|
||||
array(
|
||||
'text' => __('Audit Logs'),
|
||||
'url' => $baseurl . '/admin/audit_logs/index',
|
||||
'requirement' => Configure::read('MISP.log_new_audit'),
|
||||
'requirement' => Configure::read('MISP.log_new_audit') && $isAdmin,
|
||||
),
|
||||
array(
|
||||
'text' => __('Access Logs'),
|
||||
'url' => $baseurl . '/admin/access_logs/index',
|
||||
'requirement' => $isSiteAdmin
|
||||
),
|
||||
array(
|
||||
'text' => __('Search Logs'),
|
||||
'url' => $baseurl . '/admin/logs/search',
|
||||
'requirement' => $isAdmin
|
||||
)
|
||||
)
|
||||
),
|
||||
|
|
|
@ -46,12 +46,12 @@
|
|||
'text' => h($filterData['name']),
|
||||
'title' => __('Modify filters'),
|
||||
'active' => isset($filter) && $filterName === $filter,
|
||||
'url' => $baseurl . '/admin/logs/index/filter:' . h($filterName)
|
||||
'url' => $baseurl . '/logs/index/filter:' . h($filterName)
|
||||
);
|
||||
}
|
||||
$data['children'][0]['children'][] = array(
|
||||
'requirement' => !empty($filter),
|
||||
'url' => $baseurl . '/admin/logs/index',
|
||||
'url' => $baseurl . '/logs/index',
|
||||
'title' => __('Remove filters'),
|
||||
'fa-icon' => 'times'
|
||||
);
|
||||
|
@ -75,7 +75,7 @@
|
|||
<td class="short"><?php echo h($item['Log']['id']); ?> </td>
|
||||
<?php
|
||||
if (Configure::read('MISP.log_client_ip')) {
|
||||
echo '<td>';
|
||||
echo '<td class="short">';
|
||||
if (isset($ipSearch) && $ipSearch != null) echo nl2br($this->Highlight->highlighter(h($item['Log']['ip']), $ipSearchReplacePairs));
|
||||
else echo h($item['Log']['ip']);
|
||||
echo '</td>';
|
||||
|
@ -97,7 +97,7 @@
|
|||
<td class="short"><?php
|
||||
if (isset($actionSearch) && $actionSearch != "ALL") echo nl2br($this->Highlight->highlighter(h($item['Log']['action']), $actionSearchReplacePairs));
|
||||
else echo (h($item['Log']['action'])); ?> </td>
|
||||
<td class="short"><?php
|
||||
<td><?php
|
||||
if (isset($titleSearch) && $titleSearch != null) echo nl2br($this->Highlight->highlighter(h($item['Log']['title']), $titleSearchReplacePairs));
|
||||
else echo nl2br(h($item['Log']['title'])); ?> </td>
|
||||
<td><?php
|
|
@ -130,7 +130,7 @@
|
|||
'js' => array('vis', 'jquery-ui.min', 'network-distribution-graph')
|
||||
));
|
||||
echo sprintf(
|
||||
'<div class="users view"><div class="row-fluid"><div class="span8" style="margin:0px;">%s</div></div>%s<div style="margin-top:20px;">%s%s</div></div>',
|
||||
'<div class="users view"><div class="row-fluid"><div class="span8" style="margin:0px;">%s</div></div>%s%s<div style="margin-top:20px;">%s%s</div></div>',
|
||||
sprintf(
|
||||
'<h2>%s</h2>%s',
|
||||
__('User %s', h($user['User']['email'])),
|
||||
|
@ -145,6 +145,14 @@
|
|||
),
|
||||
__('Download user profile for data portability')
|
||||
),
|
||||
sprintf(
|
||||
' <a href="%s" class="btn btn-inverse">%s</a>',
|
||||
sprintf(
|
||||
'%s/logs/index',
|
||||
$baseurl
|
||||
),
|
||||
__('Review user logs')
|
||||
),
|
||||
$me['Role']['perm_auth'] ? $this->element('/genericElements/accordion', array('title' => __('Auth keys'), 'url' => '/auth_keys/index/' . h($user['User']['id']))) : '',
|
||||
$this->element('/genericElements/accordion', array('title' => 'Events', 'url' => '/events/index/searchemail:' . urlencode(h($user['User']['email']))))
|
||||
);
|
||||
|
|
Loading…
Reference in New Issue