- org admins have the inherent ability to reset passwords for all of their org's users
- this however could be abused if for some reason the host org of an instance would create org admins
- the org admin could set a password manually for the site admin or simply use the API key of the site admin to impersonate them
- the potential for abuse is very circumstancial as it requires the host org to create lower privilege org admins instead of the usual site admins
- only org admins of the same organisation as the site admin could abuse this
- as reported by Raymond Schippers
* Check Plugin.ZeroMQ_event_notifications_enable instead of Plugin.ZeroMQ_attribute_notifications_enable in Event.php
* Check Plugin.ZeroMQ_audit_notifications_enable instead of Plugin.ZeroMQ_user_notifications_enable in Log.php
* Check Plugin.ZeroMQ_object_notifications_enable instead of Plugin.ZeroMQ_attribute_notifications_enable in MispObject.php
Signed-off-by: Nikos Filippakis <nikolaos.filippakis@cern.ch>
- rare occurance, but some MISP servers enter an upgrade loop causing massive amounts of log entries
- this patch cleans up the bug preventing further upgrade loops as well as offers a script to clean up the fallout
- removed incorrect, useless boiler plate comments
- kept useful comments intact
- added some missing line breaks to make the codebase a bit more uniform
- removed some obviously obsolete TODO comments
- fixed some issues with the error detection on synced events
- pre-filtering of events based on sync filters before pushing them should improve performance a great deal
- allows a site admin to merge all objects belonging to an organisation into another
- this can be useful if duplicate organisations exist for example
- the tool overrides the built in mechanism and should only be used if absolutely required
- at the end of the process the original organisation is removed
- the tool generates 2 files that are dropped in the log directory of MISP
- 1 contains a JSON with all the changed fields and the IDs
- 1 contains an SQL script that allows an admin to revert the changes
- added indeces to the MYSQL.sql file
- contributors now looks for shadow attributes instead of log entries (should make the event view much faster and resolve some timeout issues on sync when the log is massive)
What works:
- added submodules for taxonomies
- added import tool for taxonomies
- added models and convenience functions for taxonomies
- site admins can update taxonomy libraries
- list taxonomies / view indvidual ones (with all resolved tags)
- create tags manually if a taxonomy is enabled
- view related tags / events quickly from the Taxonomy view
What doesn't work:
- Users still cannot choose a tag from taxonomy lists (this will be the main functionality)
- Feature cannot be disabled
- Changing the auth key now creates a log entry that inclues the user's ID, e-mail address old and new autkeys
- Also removed the logging of the hashed password for newly created users
Merge and upgrade of several new features
Conflicts:
VERSION.json
app/Controller/ShadowAttributesController.php
app/Controller/TagsController.php
app/Model/AppModel.php
app/Model/Event.php
app/Plugin/SysLogLogable/Model/Behavior/SysLogLogableBehavior.php
- Added logging of failed login attempts
- Added (optional) logging of successful authentications
- admin setting that has to be enabled
- will log all API calls (both HTTP method and target url)
- optional logging of user IP address for all logs
- each log entry created while this setting is enabled will log the IP address of the client
- disabling it also hides the IPs from the interface
- added new IP field for the log search (only if enabled)