/usr/lib/python3/dist-packages/custodia/log.py is in python3-custodia 0.1.0-5ubuntu1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
# Copyright (C) 2015 Custodia Project Contributors - see LICENSE file
import io
import sys
import traceback
import time
# Module-level switch read by debug(): while it is false, debug() writes
# nothing to stderr.
DEBUG = False
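def stacktrace():
    """Return the traceback of the exception being handled, as text.

    Returns:
        str: the formatted stack entries, or an empty string when no
        exception is currently being handled.
    """
    _, _, tb = sys.exc_info()
    try:
        # format_tb() produces str. The previous BytesIO buffer cannot accept
        # the text that print_tb() writes on Python 3, and debug() hands this
        # result to sys.stderr.write(), which also requires str.
        return ''.join(traceback.format_tb(tb))
    finally:
        # Drop the traceback reference so the frames it holds are not kept
        # alive through this function's locals.
        del tb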
def get_time():
    """Return the current UTC time as 'YYYY/MM/DD HH:MM:SS'."""
    now = time.gmtime(time.time())
    # The first six struct_time fields are year, month, day, hour, minute
    # and second, in that order.
    year, month, day, hour, minute, second = now[:6]
    return '%04d/%02d/%02d %02d:%02d:%02d' % (
        year, month, day, hour, minute, second)
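def error(msg, head=None):
    """Write one '[head] msg' line to stderr.

    Args:
        msg: text of the log line; it is written as given.
        head: label placed in the brackets. When omitted, the current UTC
            timestamp from get_time() is used.
    """
    # The test was inverted before: an explicit label such as 'DEBUG' was
    # overwritten by the timestamp, while a missing label printed '[None]'.
    if head is None:
        head = get_time()
    # NOTE(review): msg is not escaped here; if callers pass request-derived
    # text, embedded newlines would start extra lines on stderr - confirm.
    sys.stderr.write('[%s] %s\n' % (head, msg))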
def debug(msg):
    """Report *msg* and the active traceback on stderr when DEBUG is set.

    Does nothing while the module-level DEBUG flag is false. Otherwise it
    calls error() with 'DEBUG' as the head, then writes the output of
    stacktrace() to stderr.
    """
    if not DEBUG:
        return
    error(msg, 'DEBUG')
    sys.stderr.write(stacktrace())
# Audit action codes. Each code is also the index of its template in
# AUDIT_MESSAGES, so the numbering and the list order must stay in step.
(
    AUDIT_NONE,         # 0: selects the "AUDIT FAILURE" message
    AUDIT_GET_ALLOWED,  # 1
    AUDIT_GET_DENIED,   # 2
    AUDIT_SET_ALLOWED,  # 3
    AUDIT_SET_DENIED,   # 4
    AUDIT_DEL_ALLOWED,  # 5
    AUDIT_DEL_DENIED,   # 6
    AUDIT_LAST,         # 7: one past the last code that has a template
) = range(8)

# Message templates, indexed by audit code. The {client} and {key} fields
# are filled in with str.format() when a record is written.
AUDIT_MESSAGES = [
    # AUDIT_NONE
    "AUDIT FAILURE",
    # AUDIT_GET_ALLOWED
    "ALLOWED: '{client:s}' requested key '{key:s}'",
    # AUDIT_GET_DENIED
    "DENIED: '{client:s}' requested key '{key:s}'",
    # AUDIT_SET_ALLOWED
    "ALLOWED: '{client:s}' stored key '{key:s}'",
    # AUDIT_SET_DENIED
    "DENIED: '{client:s}' stored key '{key:s}'",
    # AUDIT_DEL_ALLOWED
    "ALLOWED: '{client:s}' deleted key '{key:s}'",
    # AUDIT_DEL_DENIED
    "DENIED: '{client:s}' deleted key '{key:s}'",
]
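class audit_log(object):
    """Line-oriented audit trail for key accesses.

    Every record is a single line: the UTC timestamp from get_time(), a
    colon, and the message for the audited action.
    """

    def __init__(self, config):
        """Select the audit file from *config*.

        Args:
            config: mapping that may carry an 'auditlog' path, or None to
                fall back to 'custodia.audit.log'.
        """
        if config is None:
            config = {}
        # NOTE(review): the default is a relative path, so the file lands in
        # the process's working directory; deployments presumably point
        # 'auditlog' at an absolute, access-restricted location - confirm.
        self.logfile = config.get('auditlog', 'custodia.audit.log')

    @staticmethod
    def _sanitize(value):
        """Escape non-printable characters in a string log field.

        One audit record is one line, so a CR, LF or other line-breaking
        character inside a client or key name would let that value begin
        what looks like a separate record. Such characters are written as
        backslash escapes instead. Non-string values are returned untouched,
        so the '{...:s}' templates treat them exactly as before. Quote
        characters are not escaped.
        """
        if not isinstance(value, str):
            return value
        return ''.join(
            ch if ch.isprintable()
            else ch.encode('unicode_escape').decode('ascii')
            for ch in value)

    def _log(self, message):
        """Append one timestamped line holding *message* to the audit file."""
        # NOTE(review): open() creates a missing file with the process
        # umask; confirm the audit file is not readable or writable by
        # accounts that should not see or alter it.
        with open(self.logfile, 'a+') as f:
            f.write('%s: %s\n' % (get_time(), message))
            f.flush()

    def key_access(self, action, client, keyname):
        """Record one key access decision.

        Args:
            action: one of the AUDIT_* codes. A value outside the range
                AUDIT_GET_ALLOWED..AUDIT_DEL_DENIED is logged as
                "AUDIT FAILURE".
            client: identity of the requester, as a string.
            keyname: name of the key that was accessed, as a string.
        """
        if action <= AUDIT_NONE or action >= AUDIT_LAST:
            action = AUDIT_NONE
        # client and keyname presumably originate from the request, so they
        # are neutralised before being placed into the single-line record.
        self._log(AUDIT_MESSAGES[action].format(
            client=self._sanitize(client), key=self._sanitize(keyname)))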