mirror of https://github.com/MISP/MISP
commit
a3661fdcbd
|
@ -1 +1 @@
|
|||
{"major":2, "minor":3, "hotfix":151}
|
||||
{"major":2, "minor":3, "hotfix":152}
|
|
@ -107,13 +107,39 @@ class AppController extends Controller {
|
|||
if ($user) {
|
||||
unset($user['User']['gpgkey']);
|
||||
// User found in the db, add the user info to the session
|
||||
if (Configure::read('MISP.log_auth')) {
|
||||
$this->Log = ClassRegistry::init('Log');
|
||||
$this->Log->create();
|
||||
$log = array(
|
||||
'org' => $user['User']['org'],
|
||||
'model' => 'User',
|
||||
'model_id' => $user['User']['id'],
|
||||
'email' => $user['User']['email'],
|
||||
'action' => 'auth',
|
||||
'title' => 'Successful authentication using API key',
|
||||
'change' => 'HTTP method: ' . $_SERVER['REQUEST_METHOD'] . PHP_EOL . 'Target: ' . $this->here,
|
||||
);
|
||||
$this->Log->save($log);
|
||||
}
|
||||
$this->Session->renew();
|
||||
$this->Session->write(AuthComponent::$sessionKey, $user['User']);
|
||||
$this->Session->write(AuthComponent::$sessionKey, $user['User']);
|
||||
} else {
|
||||
// User not authenticated correctly
|
||||
// reset the session information
|
||||
$this->Session->destroy();
|
||||
throw new ForbiddenException('The authentication key provided cannot be used for syncing.');
|
||||
$this->Log = ClassRegistry::init('Log');
|
||||
$this->Log->create();
|
||||
$log = array(
|
||||
'org' => 'SYSTEM',
|
||||
'model' => 'User',
|
||||
'model_id' => 0,
|
||||
'email' => 'SYSTEM',
|
||||
'action' => 'auth_fail',
|
||||
'title' => 'Failed authentication using API key (' . trim($auth_key) . ')',
|
||||
'change' => null,
|
||||
);
|
||||
$this->Log->save($log);
|
||||
throw new ForbiddenException('Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header.');
|
||||
}
|
||||
unset($user);
|
||||
}
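Review bot: The failed-authentication entry writes the submitted key verbatim into the log title (`'Failed authentication using API key (' . trim($auth_key) . ')'`), so a valid key with a typo, or the key of a user who is not API enabled, becomes readable by anyone who can view the logs. Log a truncated or otherwise non-reversible form instead, for example `'title' => 'Failed authentication using API key (' . substr(trim($auth_key), 0, 4) . '...)',`. Unlike the success entry, this write is not gated by `MISP.log_auth`, so unauthenticated requests can add rows at will; a short comment stating whether that is intended would help. The enclosing method starts and ends outside the hunk.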
|
||||
|
|
|
@ -30,6 +30,18 @@ class SecureAuthComponent extends AuthComponent {
|
|||
$user = $this->identify($this->request, $this->response);
|
||||
unset($user['gpgkey']);
|
||||
if ($user === false) {
|
||||
$this->Log = ClassRegistry::init('Log');
|
||||
$this->Log->create();
|
||||
$log = array(
|
||||
'org' => 'SYSTEM',
|
||||
'model' => 'User',
|
||||
'model_id' => 0,
|
||||
'email' => $username,
|
||||
'action' => 'login_fail',
|
||||
'title' => 'Failed login attempt',
|
||||
'change' => null,
|
||||
);
|
||||
$this->Log->save($log);
|
||||
// insert row in Bruteforce table
|
||||
$this->Bruteforce->insert($_SERVER['REMOTE_ADDR'], $username);
|
||||
// do nothing as user is not logged in
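Review bot: The `login_fail` entry stores the request-supplied `$username` in the `email` field before any authentication has succeeded, and the result of `$this->Log->save($log)` is not checked. Users occasionally type a password into the username field, and an over-long or malformed value may fail validation so that the attempt is not recorded at all; an operator sees neither case. Consider bounding the value, e.g. `'email' => substr($username, 0, 255),` (255 is a placeholder for the real column width), and adding a comment that the field is untrusted input. `$username` is assigned outside the hunk, so its origin is assumed here.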
|
||||
|
|
|
@ -154,6 +154,7 @@ class LogsController extends AppController {
|
|||
$action = $this->request->data['Log']['action'];
|
||||
$title = $this->request->data['Log']['title'];
|
||||
$change = $this->request->data['Log']['change'];
|
||||
if (Configure::read('MISP.log_client_ip')) $ip = $this->request->data['Log']['ip'];
|
||||
|
||||
// for info on what was searched for
|
||||
$this->set('emailSearch', $email);
|
||||
|
@ -161,6 +162,7 @@ class LogsController extends AppController {
|
|||
$this->set('actionSearch', $action);
|
||||
$this->set('titleSearch', $title);
|
||||
$this->set('changeSearch', $change);
|
||||
if (Configure::read('MISP.log_client_ip')) $this->set('ipSearch', $ip);
|
||||
$this->set('isSearch', 1);
|
||||
|
||||
// search the db
|
||||
|
@ -180,6 +182,9 @@ class LogsController extends AppController {
|
|||
if (isset($change) && !empty($change)) {
|
||||
$conditions['LOWER(Log.change) LIKE'] = '%' . strtolower($change) . '%';
|
||||
}
|
||||
if (Configure::read('MISP.log_client_ip') && isset($ip) && !empty($ip)) {
|
||||
$conditions['Log.ip LIKE'] = '%' . $ip . '%';
|
||||
}
|
||||
$this->{$this->defaultModel}->recursive = 0;
|
||||
$this->paginate = array(
|
||||
'limit' => 60,
|
||||
|
@ -195,6 +200,7 @@ class LogsController extends AppController {
|
|||
$this->Session->write('paginate_conditions_log_action', $action);
|
||||
$this->Session->write('paginate_conditions_log_title', $title);
|
||||
$this->Session->write('paginate_conditions_log_change', $change);
|
||||
if (Configure::read('MISP.log_client_ip')) $this->Session->write('paginate_conditions_log_ip', $ip);
|
||||
|
||||
// set the same view as the index page
|
||||
$this->render('admin_index');
|
||||
|
@ -215,6 +221,7 @@ class LogsController extends AppController {
|
|||
$action = $this->Session->read('paginate_conditions_log_action');
|
||||
$title = $this->Session->read('paginate_conditions_log_title');
|
||||
$change = $this->Session->read('paginate_conditions_log_change');
|
||||
if (Configure::read('MISP.log_client_ip')) $ip = $this->Session->read('paginate_conditions_log_ip');
|
||||
|
||||
// for info on what was searched for
|
||||
$this->set('emailSearch', $email);
|
||||
|
@ -222,6 +229,7 @@ class LogsController extends AppController {
|
|||
$this->set('actionSearch', $action);
|
||||
$this->set('titleSearch', $title);
|
||||
$this->set('changeSearch', $change);
|
||||
if (Configure::read('MISP.log_client_ip')) $this->set('ipSearch', $ip);
|
||||
$this->set('isSearch', 1);
|
||||
|
||||
// re-get pagination
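Review bot: `$this->request->data['Log']['ip']` is read without checking that the key exists, while the later filter already guards with `isset($ip) && !empty($ip)`; a search posted without that field raises an undefined-index notice. Reading it as `$ip = isset($this->request->data['Log']['ip']) ? $this->request->data['Log']['ip'] : null;` keeps the two in step. In the `Log.ip LIKE` condition the value is passed as a condition value rather than concatenated into SQL, but `%` and `_` typed by the user still act as wildcards, which deserves a one-line comment if it is intended. The surrounding actions continue outside the hunks.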
|
||||
|
|
|
@ -76,6 +76,9 @@ class AppModel extends Model {
|
|||
$sql = 'DELETE FROM `cake_sessions` WHERE `expires` < ' . time() . ';';
|
||||
$clean = false;
|
||||
break;
|
||||
case 'addIPLogging':
|
||||
$sql = 'ALTER TABLE `logs` ADD `ip` varchar(45) COLLATE utf8_bin DEFAULT NULL;';
|
||||
break;
|
||||
default:
|
||||
return false;
|
||||
break;
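Review bot: The `addIPLogging` statement is a plain `ALTER TABLE ... ADD`, which fails once the `ip` column exists, and `ipLogBeforeHook` in the Server model issues it every time `MISP.log_client_ip` is saved as true. Switching the setting off and on again would therefore re-run it against a table that already has the column. Either check the `logs` schema for `ip` before building the statement, or document next to the case that a duplicate-column error is expected and ignored. How `updateDatabase` handles a failed query is outside the hunk.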
|
||||
|
|
|
@ -1028,7 +1028,7 @@ class Event extends AppModel {
|
|||
}
|
||||
|
||||
private function attachEventInfoToAttributes($attributes, $isSiteAdmin) {
|
||||
$TLs = $this->ThreatLevel->find('all', array(
|
||||
$TLs = $this->ThreatLevel->find('list', array(
|
||||
'recursive' => -1,
|
||||
));
|
||||
$event_ids = array();
|
||||
|
@ -1059,7 +1059,7 @@ class Event extends AppModel {
|
|||
foreach ($attributes as &$attribute) {
|
||||
foreach ($context_fields as $field => $header_name) {
|
||||
if ($header_name == 'event_threat_level_id') {
|
||||
$attribute['Attribute'][$header_name] = $TLs[$event_id_data[$attribute['Attribute']['event_id']][$header_name]]['ThreatLevel']['name'];
|
||||
$attribute['Attribute'][$header_name] = $TLs[$event_id_data[$attribute['Attribute']['event_id']][$header_name]];
|
||||
} else if ($header_name == 'event_distribution') {
|
||||
$attribute['Attribute'][$header_name] = $this->distributionLevels[$event_id_data[$attribute['Attribute']['event_id']][$header_name]];
|
||||
} else if ($header_name == 'event_analysis') {
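Review bot: `find('list')` without a `fields` option returns primary key => display field, so `$TLs[...]` yields the threat level name only if the ThreatLevel model's display field is `name`; that model is not shown here. Passing `'fields' => array('id', 'name')` makes the lookup independent of that setting. The lookup also indexes `$TLs` without checking that the event's threat level id is present, which raises a notice for an unknown id. `attachEventInfoToAttributes` continues outside both hunks.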
|
||||
|
|
|
@ -12,6 +12,7 @@ class Log extends AppModel {
|
|||
'action' => array(
|
||||
'rule' => array('inList', array(
|
||||
'login',
|
||||
'login_fail',
|
||||
'logout',
|
||||
'add',
|
||||
'edit',
|
||||
|
@ -30,6 +31,8 @@ class Log extends AppModel {
|
|||
'upload_sample',
|
||||
'update_database',
|
||||
'version_warning',
|
||||
'auth',
|
||||
'auth_fail'
|
||||
)),
|
||||
'message' => 'Options : ...'
|
||||
)
|
||||
|
@ -45,6 +48,11 @@ class Log extends AppModel {
|
|||
'publish' => array('desc' => "Publish action", 'formdesc' => "Publish action")
|
||||
);
|
||||
|
||||
public function beforeSave($options = array()) {
|
||||
if (Configure::read('MISP.log_client_ip') && isset($_SERVER['REMOTE_ADDR'])) $this->data['Log']['ip'] = $_SERVER['REMOTE_ADDR'];
|
||||
return true;
|
||||
}
|
||||
|
||||
public function returnDates($org = 'all') {
|
||||
$conditions = array();
|
||||
if ($org !== 'all') $conditions['org'] = $org;
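Review bot: `beforeSave` records `$_SERVER['REMOTE_ADDR']`, which is the directly connected peer, so when MISP sits behind a reverse proxy or load balancer every entry will carry the proxy's address. Add a comment saying so, such as `// REMOTE_ADDR is the direct peer; behind a reverse proxy this is the proxy, not the client`, so that nobody later swaps in a client-supplied forwarding header without a trusted-proxy check. The callback also overwrites any `ip` value already present in `$this->data['Log']`, which is worth stating in a docblock on the method.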
|
||||
|
|
|
@ -412,7 +412,24 @@ class Server extends AppModel {
|
|||
'type' => 'boolean',
|
||||
'test' => 'testBool',
|
||||
'beforeHook' => 'eventBlacklistingBeforeHook'
|
||||
)
|
||||
),
|
||||
'log_client_ip' => array(
|
||||
'level' => 1,
|
||||
'description' => 'If enabled, all log entries will include the IP address of the user.',
|
||||
'value' => false,
|
||||
'errorMessage' => '',
|
||||
'test' => 'testBool',
|
||||
'type' => 'boolean',
|
||||
'beforeHook' => 'ipLogBeforeHook'
|
||||
),
|
||||
'log_auth' => array(
|
||||
'level' => 1,
|
||||
'description' => 'If enabled, MISP will log all successful authentications using API keys. The requested URLs are also logged.',
|
||||
'value' => false,
|
||||
'errorMessage' => '',
|
||||
'test' => 'testBool',
|
||||
'type' => 'boolean',
|
||||
),
|
||||
),
|
||||
'GnuPG' => array(
|
||||
'branch' => 1,
|
||||
|
@ -463,7 +480,7 @@ class Server extends AppModel {
|
|||
'errorMessage' => '',
|
||||
'test' => 'testForEmpty',
|
||||
'type' => 'string',
|
||||
),
|
||||
)
|
||||
),
|
||||
'Proxy' => array(
|
||||
'branch' => 1,
|
||||
|
@ -1318,6 +1335,15 @@ class Server extends AppModel {
|
|||
return true;
|
||||
}
|
||||
|
||||
public function ipLogBeforeHook($setting, $value) {
|
||||
if ($setting == 'MISP.log_client_ip') {
|
||||
if ($value == true) {
|
||||
$this->updateDatabase('addIPLogging');
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
public function eventBlacklistingBeforeHook($setting, $value) {
|
||||
$this->cleanCacheFiles();
|
||||
if ($value) {
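Review bot: `ipLogBeforeHook` discards the result of `$this->updateDatabase('addIPLogging')` and always returns true, so the setting is switched on even when the column was not added. Return or at least log the outcome, and compare the setting name strictly, for example `if ($setting === 'MISP.log_client_ip' && $value) {`. The `log_client_ip` description should also mention that the stored address is the connecting peer, which may be a proxy. Only the `return false` for an unknown command is visible from `updateDatabase`, so the exact return expression is left open.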
|
||||
|
|
|
@ -96,7 +96,6 @@ class SysLogLogableBehavior extends LogableBehavior {
|
|||
}
|
||||
|
||||
function _saveLog(&$Model, $logData, $title = null) {
|
||||
|
||||
if ($title !== NULL) {
|
||||
$logData['Log']['title'] = $title;
|
||||
} elseif ($Model->displayField == $Model->primaryKey) {
|
||||
|
@ -135,11 +134,7 @@ class SysLogLogableBehavior extends LogableBehavior {
|
|||
$logData['Log']['version_id'] = $Model->version_id;
|
||||
unset($Model->version_id);
|
||||
}
|
||||
|
||||
if (isset($this->schema['ip']) && $this->userIP) {
|
||||
$logData['Log']['ip'] = $this->userIP;
|
||||
}
|
||||
|
||||
|
||||
if (isset($this->schema[$this->settings[$Model->alias]['userKey']]) && $this->user) {
|
||||
$logData['Log'][$this->settings[$Model->alias]['userKey']] = $this->user[$this->UserModel->alias][$this->UserModel->primaryKey];
|
||||
}
|
||||
|
@ -234,8 +229,7 @@ class SysLogLogableBehavior extends LogableBehavior {
|
|||
}
|
||||
$this->Log->create($logData);
|
||||
$this->Log->save(null, array(
|
||||
'validate' => false,
|
||||
'callbacks' => false));
|
||||
'validate' => false));
|
||||
|
||||
// write to syslogd as well
|
||||
$syslog = new SysLog();
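Review bot: The `save()` call appears to drop `'callbacks' => false` with no comment explaining why; presumably it is so that `Log::beforeSave()` can stamp the client IP now that the behavior's own `$this->userIP` block is gone. Add a comment above the call, e.g. `// callbacks stay enabled: Log::beforeSave() adds the client IP`, because re-adding the option later would silently stop IP logging for every model using this behavior. Validation is still skipped here, so the `inList` rule on `action` does not apply to these entries. `_saveLog` starts and ends outside the hunks.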
|
||||
|
|
|
@ -23,6 +23,10 @@
|
|||
echo " including the change \"<b>" . h($changeSearch) . "</b>\"";
|
||||
$changeSearchReplacePairs = $this->Highlight->build_replace_pairs(h($changeSearch));
|
||||
}
|
||||
if (Configure::read('MISP.log_client_ip') && $ipSearch != null) {
|
||||
echo " including the change \"<b>" . h($ipSearch) . "</b>\"";
|
||||
$ipSearchReplacePairs = $this->Highlight->build_replace_pairs(h($ipSearch));
|
||||
}
|
||||
echo ":</h4>";
|
||||
}
|
||||
?>
|
||||
|
@ -45,6 +49,7 @@
|
|||
<table class="table table-striped table-hover table-condensed">
|
||||
<tr>
|
||||
<th><?php echo $this->Paginator->sort('id');?></th>
|
||||
<?php if (Configure::read('MISP.log_client_ip')) echo '<th>' . $this->Paginator->sort('ip', 'IP') . '</th>';?>
|
||||
<th><?php echo $this->Paginator->sort('email');?></th>
|
||||
<th><?php echo $this->Paginator->sort('org');?></th>
|
||||
<th><?php echo $this->Paginator->sort('created');?></th>
|
||||
|
@ -55,6 +60,14 @@
|
|||
<?php foreach ($list as $item): ?>
|
||||
<tr>
|
||||
<td class="short"><?php echo h($item['Log']['id']); ?> </td>
|
||||
<?php
|
||||
if (Configure::read('MISP.log_client_ip')) {
|
||||
echo '<td>';
|
||||
if (isset($ipSearch) && $ipSearch != null) echo nl2br($this->Highlight->highlighter(h($item['Log']['ip']), $ipSearchReplacePairs));
|
||||
else echo h($item['Log']['ip']);
|
||||
echo '</td> ';
|
||||
}
|
||||
?>
|
||||
<td class="short"><?php
|
||||
if (isset($emailSearch) && $emailSearch != null) echo nl2br($this->Highlight->highlighter(h($item['Log']['email']), $emailSearchReplacePairs));
|
||||
else echo (h($item['Log']['email'])); ?> </td>
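Review bot: The IP filter summary reuses the text of the change filter, `echo " including the change \"<b>" . h($ipSearch) . "</b>\"";`, so a search by address is reported as a search on the change field. Something like `echo " from the IP \"<b>" . h($ipSearch) . "</b>\"";` matches what was searched. The first check tests `$ipSearch != null` without `isset`, unlike the table cell further down; whether `$ipSearch` is always set at that point depends on code outside the hunk. Escaping with `h()` is in place on both the search term and the logged value.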
|
||||
|
|
|
@ -7,6 +7,7 @@
|
|||
if ($orgRestriction == false) {
|
||||
echo $this->Form->input('org', array( 'label' => 'Organisation'));
|
||||
}
|
||||
if (Configure::read('MISP.log_client_ip')) echo $this->Form->input('ip', array( 'label' => 'IP'));
|
||||
echo $this->Form->input('action', array(
|
||||
'between' => $this->Html->div('forminfo', '', array('id' => 'LogActionDiv')),
|
||||
'div' => 'input clear'));
|
||||
|
|