Backlog #2553

User activity loggings for DN-based logins and launches

Added by Hyunwoo Kim over 7 years ago. Updated over 6 years ago.

Status:ClosedStart date:12/10/2013
Priority:HighDue date:
Assignee:-% Done:

0%

Category:Core & System
Target version:-

Description

We have modified 7 Ruby files and 3 C++ files to implement a new local feature in FermiCloud.
We are logging the user's DN and its signer's DN in oned.log for the following 4 types of events:
1. When a user logs in via CLI
2. When a user logs in via SSI
3. When a user launches a VM via CLI
4. When a user launches a VM via SSI
( CLI=CommandLineInterface, SSI=SunStoneInterface )

We hope that these can be part of OpenNebula standard distribution.

I will describe which files had to be modified for each case.
Below, the paths all assume the source tar ball.

1. Login via CLI
src/cli/oneuser : invokes fcuserlog.
src/cli/one_helper.rb : a new class method fcuserlog is defined here which instantiates a new ClientFC.
src/oca/ruby/opennebula/client.rb : a new class ClientFC is defined here which invokes an XMLRPC connection.

2. Launch via CLI
src/cli/onetemplate : invokes fcuserlog.

3. Login via SSI
src/sunstone/sunstone-server.rb : simply makes an XMLRPC call in def build_session

4. Launch via SSI
src/sunstone/sunstone-server.rb : creates @SunstoneServer in "before do" with clientfc method
src/cloud/common/CloudAuth.rb : defines a new method clientfc
src/sunstone/models/OpenNebulaJSON/TemplateJSON.rb : makes an XMLRPC call here.

5. Server side
include/RequestManagerVMTemplate.h : declares a new class FcuserLogging : public RequestManagerVMTemplate.
src/rm/RequestManagerVMTemplate.cc : defines FcuserLogging::request_execute.
src/rm/RequestManager.cc : registers a new handle that invokes FcuserLogging.

I am attaching a tar ball that includes these 7 Ruby files and 3 C++ files.
Our modifications in each file are enclosed between two comments that start with "FC"

If you have any questions or further requests to improve the codes, please let me know.

HyunWoo KIM
FermiCloud

fclogging.tar.gz (22.3 KB) Hyunwoo Kim, 12/10/2013 04:55 PM

fclogging_jan20.tar.gz (23.1 KB) Hyunwoo Kim, 01/20/2014 05:34 PM

fclogging_jan21.tar.gz (25.6 KB) Hyunwoo Kim, 01/21/2014 10:35 PM


Related issues

Related to Backlog #1615: Add audit trail features Pending 10/26/2012

History

#1 Updated by Ruben S. Montero over 7 years ago

  • Status changed from Pending to New

#2 Updated by Ruben S. Montero over 7 years ago

  • Tracker changed from Feature to Backlog
  • Category set to Core & System
  • Priority changed from Normal to Low

Thanks for the feedback. This is related to #1615, audit trails. We need to come out with a general mechanism, to audit each action.

Thanks for your feedback and contribution!

#3 Updated by Ruben S. Montero over 7 years ago

#4 Updated by Ruben S. Montero over 7 years ago

  • Status changed from New to Pending

#5 Updated by Ruben S. Montero over 7 years ago

  • Priority changed from Low to High

#6 Updated by Ruben S. Montero over 7 years ago

  • Tracker changed from Backlog to Feature
  • Status changed from Pending to New
  • Priority changed from High to Normal
  • Target version set to Release 4.6

#7 Updated by Hyunwoo Kim over 7 years ago

I updated fclogging/src/oca/ruby/opennebula/client.rb for a typo
and uploaded a new tar ball file.

#8 Updated by Hyunwoo Kim over 7 years ago

I modified several files in order to add a new feature which now
first checks if the user is using x509 authN method.
If so, it logs the user's DN,
If not, it bypasses.

#9 Updated by Jaime Melis over 7 years ago

  • Target version changed from Release 4.6 to Release 4.8

#10 Updated by Ruben S. Montero about 7 years ago

  • Tracker changed from Feature to Backlog
  • Priority changed from Normal to High

#11 Updated by Ruben S. Montero about 7 years ago

  • Target version deleted (Release 4.8)

#12 Updated by Ruben S. Montero almost 7 years ago

  • Status changed from New to Pending

#13 Updated by Ruben S. Montero over 6 years ago

  • Status changed from Pending to Closed

This was implemented by other issues

Also available in: Atom PDF