Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add application level Python audit logging #53

Merged
merged 4 commits into from
Jan 4, 2023
Merged

Add application level Python audit logging #53

merged 4 commits into from
Jan 4, 2023

Conversation

jamesbursa
Copy link
Contributor

Ticket

None

Changes

  • Add module api.logging.audit that implements Python audit logging.
  • Add module api.util.collections.dict with class LeastRecentlyUsedDict.

Context for reviewers

Python has an audit events feature. This code uses the feature to log audit events, which can be useful for security analysis.

The logs have a custom logging level AUDIT.

Testing

A selection of logs when the server starts, include file opens, socket operations, and subprocess start:

Screenshot_2022-12-22_14-42-54

zelgadis
zelgadis approved these changes Dec 23, 2022
View reviewed changes
Copy link
Contributor

@zelgadis zelgadis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Made a few suggestions / nits, but nothing blocking 👍

app/api/logging/audit.py Outdated Show resolved Hide resolved
app/api/logging/audit.py Outdated Show resolved Hide resolved
app/api/util/collections/dict.py
import collections


class LeastRecentlyUsedDict(collections.OrderedDict):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should this file be named least_recently_used_dict.py?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And in app/api/util/collections/__init__.py we can do:

from .least_recently_used_dict import LeastRecentlyUsedDict

And to use it:

from api.util.collections import LeastRecentlyUsedDict

LeastRecentlyUsedDict(maxsize=4)

Which I think is a little cleaner than:

from api.util.collections.dict import dict_util

dict_util.LeastRecentlyUsedDict(maxsize=4)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Used the name dict as this could contain other dict related utilities in future. I added the import to __init__.py.

@jamesbursa jamesbursa merged commit 802127b into main Jan 4, 2023
@jamesbursa jamesbursa deleted the jamesbursa/add-audit-logging branch January 4, 2023 18:35
@lorenyu lorenyu mentioned this pull request Jan 24, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zelgadis zelgadis zelgadis approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jamesbursa @zelgadis