github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adds support the Parallel audit log index creation

Browse Source 
The index is now being generated.
This commit is contained in:
Felipe Zimmerle 2015-07-13 16:48:57 -03:00
parent 96a777a5cf
commit f13a1bd880
8 changed files with 157 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
headers/modsecurity/assay.h
View File

@ -153,6 +153,8 @@ class Assay {
std::string to_json(int parts); std::string to_json(int parts);
std::string toOldAuditLogFormat(int parts, const std::string &trailer); std::string toOldAuditLogFormat(int parts, const std::string &trailer);
std::string toOldAuditLogFormatIndex(const std::string &filename,
double size, const std::string &md5);
std::string id; std::string id;
time_t timeStamp; time_t timeStamp;

3
src/Makefile.am
View File

@ -75,7 +75,8 @@ ACTIONS = \
actions/transformations/utf8_to_unicode.cc actions/transformations/utf8_to_unicode.cc
UTILS = \ UTILS = \
utils/sha1.cc utils/sha1.cc \
utils/md5.cc
libmodsecurity_la_SOURCES = \ libmodsecurity_la_SOURCES = \
parser/seclang-parser.yy \ parser/seclang-parser.yy \

45
src/assay.cc
View File

@ -688,6 +688,51 @@ ModSecurityIntervention *Assay::intervention() {
} }
std::string Assay::toOldAuditLogFormatIndex(const std::string &filename,
double size, const std::string &md5) {
std::stringstream ss;
struct tm timeinfo;
char tstr[300];
memset(tstr, '\0', 300);
localtime_r(&this->timeStamp, &timeinfo);
strftime(tstr, 299, "[%d/%b/%Y:%H:%M:%S %z]", &timeinfo);
ss << dash_if_empty(this->resolve_variable("REQUEST_HEADERS:Host")) << " ";
ss << dash_if_empty(this->m_clientIpAddress) << " ";
/** TODO: Check variable */
ss << dash_if_empty(this->resolve_variable("REMOTE_USER")) << " ";
/** TODO: Check variable */
ss << dash_if_empty(this->resolve_variable("LOCAL_USER")) << " ";
ss << tstr << " ";
ss << "\"";
ss << this->m_protocol << " ";
ss << this->m_uri << " ";
ss << "HTTP/" << m_httpVersion;
ss << "\" ";
ss << this->httpCodeReturned << " ";
ss << this->m_responseBody.tellp();
/** TODO: Check variable */
ss << dash_if_empty(this->resolve_variable("REFERER")) << " ";
ss << "\"";
ss << dash_if_empty(this->resolve_variable("REQUEST_HEADERS:User-Agent"));
ss << "\" ";
ss << this->id << " ";
/** TODO: Check variable */
ss << dash_if_empty(this->resolve_variable("REFERER")) << " ";
ss << filename << " ";
ss << "0" << " ";
ss << std::to_string(size) << " ";
ss << "md5:" << md5 << std::endl;
return ss.str();
}
std::string Assay::toOldAuditLogFormat(int parts, const std::string &trailer) { std::string Assay::toOldAuditLogFormat(int parts, const std::string &trailer) {
std::stringstream audit_log; std::stringstream audit_log;
struct tm timeinfo; struct tm timeinfo;

35
src/audit_log_writer_parallel.cc
View File

@ -27,10 +27,22 @@
#include "src/audit_log.h" #include "src/audit_log.h"
#include "modsecurity/assay.h" #include "modsecurity/assay.h"
#include "src/utils.h" #include "src/utils.h"
#include "utils/md5.h"
namespace ModSecurity { namespace ModSecurity {
AuditLogWriterParallel::~AuditLogWriterParallel() {
if (log1.is_open()) {
log1.close();
}
if (log2.is_open()) {
log2.close();
}
}
inline std::string AuditLogWriterParallel::logFilePath(time_t *t, inline std::string AuditLogWriterParallel::logFilePath(time_t *t,
int part) { int part) {
struct tm timeinfo; struct tm timeinfo;
@ -65,6 +77,15 @@ inline std::string AuditLogWriterParallel::logFilePath(time_t *t,
bool AuditLogWriterParallel::init() { bool AuditLogWriterParallel::init() {
/** TODO:: Check if the directory exists. */ /** TODO:: Check if the directory exists. */
/** TODO:: Checking if we have permission to write in the target dir */ /** TODO:: Checking if we have permission to write in the target dir */
if (!m_audit->m_path1.empty()) {
log1.open(m_audit->m_path1, std::fstream::out | std::fstream::app);
}
if (!m_audit->m_path2.empty()) {
log2.open(m_audit->m_path2, std::fstream::out | std::fstream::app);
}
return true; return true;
} }
@ -100,7 +121,21 @@ bool AuditLogWriterParallel::write(Assay *assay, int parts) {
fwrite(log.c_str(), log.length(), 1, fp); fwrite(log.c_str(), log.length(), 1, fp);
fclose(fp); fclose(fp);
if (log1.is_open() && log2.is_open()) {
log2 << assay->toOldAuditLogFormatIndex(fileName, log.length(),
md5(log));
}
if (log1.is_open() && !log2.is_open()) {
log1 << assay->toOldAuditLogFormatIndex(fileName, log.length(),
md5(log));
}
if (!log1.is_open() && log2.is_open()) {
log2 << assay->toOldAuditLogFormatIndex(fileName, log.length(),
md5(log));
}
return true; return true;
} }
} // namespace ModSecurity } // namespace ModSecurity

4
src/audit_log_writer_parallel.h
View File

@ -31,7 +31,7 @@ class AuditLogWriterParallel : public AuditLogWriter {
explicit AuditLogWriterParallel(AuditLog *audit) explicit AuditLogWriterParallel(AuditLog *audit)
: AuditLogWriter(audit) { } : AuditLogWriter(audit) { }
~AuditLogWriterParallel() { } ~AuditLogWriterParallel();
bool init() override; bool init() override;
bool write(Assay *assay, int parts) override; bool write(Assay *assay, int parts) override;
@ -69,6 +69,8 @@ class AuditLogWriterParallel : public AuditLogWriter {
YearMonthDayAndTimeFileName = 8, YearMonthDayAndTimeFileName = 8,
}; };
std::ofstream log1;
std::ofstream log2;
inline std::string logFilePath(time_t *t, int part); inline std::string logFilePath(time_t *t, int part);
}; };

9
src/utils.cc
View File

@ -57,6 +57,15 @@ double random_number(const double from, const double to) {
} }
std::string dash_if_empty(const std::string& str) {
if (str.empty()) {
return "-";
}
return str;
}
double generate_assay_unique_id() { double generate_assay_unique_id() {
return random_number(0, 100); return random_number(0, 100);
} }

1
src/utils.h
View File

@ -28,6 +28,7 @@ namespace ModSecurity {
double generate_assay_unique_id(); double generate_assay_unique_id();
std::string ascTime(time_t *t); std::string ascTime(time_t *t);
void createDir(std::string dir, int mode); void createDir(std::string dir, int mode);
std::string dash_if_empty(const std::string& str);
} // namespace ModSecurity } // namespace ModSecurity
#define SRC_UTILS_H_ #define SRC_UTILS_H_

60
test/test-cases/regression/auditlog.json
View File

@ -117,5 +117,65 @@
"SecAuditLogType Serial", "SecAuditLogType Serial",
"SecAuditLogRelevantStatus \"^(?:5|4(?!04))\"" "SecAuditLogRelevantStatus \"^(?:5|4(?!04))\""
] ]
},
{
"enabled": 1,
"version_min": 300000,
"version_max": 0,
"title": "auditlog : basic parser test - serial",
"client": {
"ip": "200.249.12.31",
"port": 2313
},
"server": {
"ip": "200.249.12.31",
"port": 80
},
"request": {
"headers": {
"Host": "www.modsecurity.org",
"User-Agent": "Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko\/20091102 Firefox\/3.5.5 (.NET CLR 3.5.30729)",
"Accept": "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8",
"Accept-Language": "en-us,en;q=0.5",
"Accept-Encoding": "gzip,deflate",
"Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7",
"Keep-Alive": "300",
"Connection": "keep-alive",
"Pragma": "no-cache",
"Cache-Control": "no-cache"
},
"uri": "\/test.pl?param1= test &param2=test2",
"protocol": "GET",
"http_version": 1.1,
"body": ""
},
"response": {
"headers": {
"Content-Type": "plain\/text\n\r"
},
"body": [
"test"
]
},
"expected": {
"audit_log": "",
"debug_log": "\\[9\\] T \\(0\\) trim: \"test\"",
"error_log": "",
"http_code": 403
},
"rules": [
"SecRuleEngine On",
"SecDebugLog \/tmp\/modsec_debug.log",
"SecDebugLogLevel 9",
"SecRule ARGS \"@contains test\" \"t:trim,block,auditlog\"",
"SecAuditEngine RelevantOnly",
"SecAuditLogParts ABCFHZ",
"SecAuditLogStorageDir /tmp/test",
"SecAuditLog /tmp/audit_test_parallel.log",
"SecAuditLogDirMode 0766",
"SecAuditLogFileMode 0600",
"SecAuditLogType Parallel",
"SecAuditLogRelevantStatus \"^(?:5|4(?!04))\""
]
} }
] ]