prosody-modules: mod_audit_auth/mod_audit

annotate mod_audit_auth/mod_audit_auth.lua @ 5787:e79f9dec35c0

mod_c2s_conn_throttle: Reduce log level from error->info Our general policy is that "error" should never be triggerable by remote entities, and that it is always about something that requires admin intervention. This satisfies neither condition. The "warn" level can be used for unexpected events/behaviour triggered by remote entities, and this could qualify. However I don't think failed auth attempts are unexpected enough. I selected "info" because it is what is also used for other notable session lifecycle events.

author	Matthew Wild <mwild1@gmail.com>
date	Thu, 07 Dec 2023 15:46:50 +0000
parents	f199bff16f1f
children	cc30c4b5f006

rev	line source
5712 b357ff3d0c8a mod_audit_auth: Include hostpart with audit events Kim Alvefur <zash@zash.se> parents: 4934 diff changeset	1 local jid = require"util.jid";
5749 238c4ac8b735 mod_audit_auth: Add audit record when a client connects that has not been seen before Matthew Wild <mwild1@gmail.com> parents: 5748 diff changeset	2 local st = require "util.stanza";
5712 b357ff3d0c8a mod_audit_auth: Include hostpart with audit events Kim Alvefur <zash@zash.se> parents: 4934 diff changeset	3
4933 530d116b7f68 mod_audit: modules for audit logging in prosody Jonas Schäfer <jonas@wielicki.name>* parents: diff changeset	4 module:depends("audit");
4934 08dea42a302a mod_audit: fix luacheck warnings Jonas Schäfer <jonas@wielicki.name>* parents: 4933 diff changeset	5 -- luacheck: read globals module.audit
4933 530d116b7f68 mod_audit: modules for audit logging in prosody Jonas Schäfer <jonas@wielicki.name>* parents: diff changeset	6
5748 dfbced5e54b9 mod_audit_auth: Ignore FAST authentication events by default Matthew Wild <mwild1@gmail.com> parents: 5712 diff changeset	7 local only_passwords = module:get_option_boolean("audit_auth_passwords_only", true);
dfbced5e54b9 mod_audit_auth: Ignore FAST authentication events by default Matthew Wild <mwild1@gmail.com> parents: 5712 diff changeset	8
4933 530d116b7f68 mod_audit: modules for audit logging in prosody Jonas Schäfer <jonas@wielicki.name>* parents: diff changeset	9 module:hook("authentication-failure", function(event)
530d116b7f68 mod_audit: modules for audit logging in prosody Jonas Schäfer <jonas@wielicki.name>* parents: diff changeset	10 local session = event.session;
5712 b357ff3d0c8a mod_audit_auth: Include hostpart with audit events Kim Alvefur <zash@zash.se> parents: 4934 diff changeset	11 module:audit(jid.join(session.sasl_handler.username, module.host), "authentication-failure", {
4933 530d116b7f68 mod_audit: modules for audit logging in prosody Jonas Schäfer <jonas@wielicki.name>* parents: diff changeset	12 session = session,
530d116b7f68 mod_audit: modules for audit logging in prosody Jonas Schäfer <jonas@wielicki.name>* parents: diff changeset	13 });
530d116b7f68 mod_audit: modules for audit logging in prosody Jonas Schäfer <jonas@wielicki.name>* parents: diff changeset	14 end)
530d116b7f68 mod_audit: modules for audit logging in prosody Jonas Schäfer <jonas@wielicki.name>* parents: diff changeset	15
530d116b7f68 mod_audit: modules for audit logging in prosody Jonas Schäfer <jonas@wielicki.name>* parents: diff changeset	16 module:hook("authentication-success", function(event)
530d116b7f68 mod_audit: modules for audit logging in prosody Jonas Schäfer <jonas@wielicki.name>* parents: diff changeset	17 local session = event.session;
5748 dfbced5e54b9 mod_audit_auth: Ignore FAST authentication events by default Matthew Wild <mwild1@gmail.com> parents: 5712 diff changeset	18 if only_passwords and session.sasl_handler.fast then
dfbced5e54b9 mod_audit_auth: Ignore FAST authentication events by default Matthew Wild <mwild1@gmail.com> parents: 5712 diff changeset	19 return;
dfbced5e54b9 mod_audit_auth: Ignore FAST authentication events by default Matthew Wild <mwild1@gmail.com> parents: 5712 diff changeset	20 end
5712 b357ff3d0c8a mod_audit_auth: Include hostpart with audit events Kim Alvefur <zash@zash.se> parents: 4934 diff changeset	21 module:audit(jid.join(session.sasl_handler.username, module.host), "authentication-success", {
4933 530d116b7f68 mod_audit: modules for audit logging in prosody Jonas Schäfer <jonas@wielicki.name>* parents: diff changeset	22 session = session,
530d116b7f68 mod_audit: modules for audit logging in prosody Jonas Schäfer <jonas@wielicki.name>* parents: diff changeset	23 });
530d116b7f68 mod_audit: modules for audit logging in prosody Jonas Schäfer <jonas@wielicki.name>* parents: diff changeset	24 end)
5749 238c4ac8b735 mod_audit_auth: Add audit record when a client connects that has not been seen before Matthew Wild <mwild1@gmail.com> parents: 5748 diff changeset	25
238c4ac8b735 mod_audit_auth: Add audit record when a client connects that has not been seen before Matthew Wild <mwild1@gmail.com> parents: 5748 diff changeset	26 module:hook("client_management/new-client", function (event)
238c4ac8b735 mod_audit_auth: Add audit record when a client connects that has not been seen before Matthew Wild <mwild1@gmail.com> parents: 5748 diff changeset	27 local session, client = event.session, event.client;
238c4ac8b735 mod_audit_auth: Add audit record when a client connects that has not been seen before Matthew Wild <mwild1@gmail.com> parents: 5748 diff changeset	28
238c4ac8b735 mod_audit_auth: Add audit record when a client connects that has not been seen before Matthew Wild <mwild1@gmail.com> parents: 5748 diff changeset	29 local client_info = st.stanza("client", { id = client.id });
5780 f199bff16f1f mod_audit_auth: Improve user-agent building (fixes traceback) Matthew Wild <mwild1@gmail.com> parents: 5749 diff changeset	30
5749 238c4ac8b735 mod_audit_auth: Add audit record when a client connects that has not been seen before Matthew Wild <mwild1@gmail.com> parents: 5748 diff changeset	31 if client.user_agent then
5780 f199bff16f1f mod_audit_auth: Improve user-agent building (fixes traceback) Matthew Wild <mwild1@gmail.com> parents: 5749 diff changeset	32 local user_agent = st.stanza("user-agent", { xmlns = "urn:xmpp:sasl:2" })
f199bff16f1f mod_audit_auth: Improve user-agent building (fixes traceback) Matthew Wild <mwild1@gmail.com> parents: 5749 diff changeset	33 if client.user_agent.software then
f199bff16f1f mod_audit_auth: Improve user-agent building (fixes traceback) Matthew Wild <mwild1@gmail.com> parents: 5749 diff changeset	34 user_agent:text_tag("software", client.user_agent.software, { id = client.user_agent.software_id; version = client.user_agent.software_version });
f199bff16f1f mod_audit_auth: Improve user-agent building (fixes traceback) Matthew Wild <mwild1@gmail.com> parents: 5749 diff changeset	35 end
f199bff16f1f mod_audit_auth: Improve user-agent building (fixes traceback) Matthew Wild <mwild1@gmail.com> parents: 5749 diff changeset	36 if client.user_agent.device then
f199bff16f1f mod_audit_auth: Improve user-agent building (fixes traceback) Matthew Wild <mwild1@gmail.com> parents: 5749 diff changeset	37 user_agent:text_tag("device", client.user_agent.device);
f199bff16f1f mod_audit_auth: Improve user-agent building (fixes traceback) Matthew Wild <mwild1@gmail.com> parents: 5749 diff changeset	38 end
f199bff16f1f mod_audit_auth: Improve user-agent building (fixes traceback) Matthew Wild <mwild1@gmail.com> parents: 5749 diff changeset	39 if client.user_agent.uri then
f199bff16f1f mod_audit_auth: Improve user-agent building (fixes traceback) Matthew Wild <mwild1@gmail.com> parents: 5749 diff changeset	40 user_agent:text_tag("uri", client.user_agent.uri);
f199bff16f1f mod_audit_auth: Improve user-agent building (fixes traceback) Matthew Wild <mwild1@gmail.com> parents: 5749 diff changeset	41 end
f199bff16f1f mod_audit_auth: Improve user-agent building (fixes traceback) Matthew Wild <mwild1@gmail.com> parents: 5749 diff changeset	42 client_info:add_child(user_agent);
5749 238c4ac8b735 mod_audit_auth: Add audit record when a client connects that has not been seen before Matthew Wild <mwild1@gmail.com> parents: 5748 diff changeset	43 end
5780 f199bff16f1f mod_audit_auth: Improve user-agent building (fixes traceback) Matthew Wild <mwild1@gmail.com> parents: 5749 diff changeset	44
5749 238c4ac8b735 mod_audit_auth: Add audit record when a client connects that has not been seen before Matthew Wild <mwild1@gmail.com> parents: 5748 diff changeset	45 if client.legacy then
238c4ac8b735 mod_audit_auth: Add audit record when a client connects that has not been seen before Matthew Wild <mwild1@gmail.com> parents: 5748 diff changeset	46 client_info:text_tag("legacy");
238c4ac8b735 mod_audit_auth: Add audit record when a client connects that has not been seen before Matthew Wild <mwild1@gmail.com> parents: 5748 diff changeset	47 end
238c4ac8b735 mod_audit_auth: Add audit record when a client connects that has not been seen before Matthew Wild <mwild1@gmail.com> parents: 5748 diff changeset	48
238c4ac8b735 mod_audit_auth: Add audit record when a client connects that has not been seen before Matthew Wild <mwild1@gmail.com> parents: 5748 diff changeset	49 module:audit(jid.join(session.username, module.host), "new-client", {
238c4ac8b735 mod_audit_auth: Add audit record when a client connects that has not been seen before Matthew Wild <mwild1@gmail.com> parents: 5748 diff changeset	50 session = session;
238c4ac8b735 mod_audit_auth: Add audit record when a client connects that has not been seen before Matthew Wild <mwild1@gmail.com> parents: 5748 diff changeset	51 custom = {
238c4ac8b735 mod_audit_auth: Add audit record when a client connects that has not been seen before Matthew Wild <mwild1@gmail.com> parents: 5748 diff changeset	52 };
238c4ac8b735 mod_audit_auth: Add audit record when a client connects that has not been seen before Matthew Wild <mwild1@gmail.com> parents: 5748 diff changeset	53 });
238c4ac8b735 mod_audit_auth: Add audit record when a client connects that has not been seen before Matthew Wild <mwild1@gmail.com> parents: 5748 diff changeset	54 end);

Mercurial > prosody-modules

annotate mod_audit_auth/mod_audit_auth.lua @ 5787:e79f9dec35c0