Logging user actions

Alexander Amelkin a.amelkin at yadro.com
Fri Jun 1 22:11:57 AEST 2018


30.05.2018 17:09, Deepak Kodihalli wrote:
> On 28/05/18 5:30 pm, Alexander Amelkin wrote:
>> Hi all!
>>
>> Customers ask us for extensive user action logging. That is, they want
>> to log everything that a user may change in the system. They want to
>> know who, how (via which interface) and when changed what. That includes
>> but is not limited to network configuration, host power on/off, reboots,
>> power restoration policy changing, firmware updates, user
>> addition/deletion and password changing, et al.
>>
>> We could listen for dbus signals and log most of that, but that way we
>> wouldn't know whether a user made a change or that was some internal
>> work. Additionally, that would yield an enormous amount of data logged
>> if we just log every property change. We could limit logging to a
>> predefined subset of properties, but when later the community adds a new
>> crucial property, we could miss it in our logs.
>>
>> We could log requests at each user interface (thankfully, we don't allow
>> shell access for users), but that would mean having copies of the same
>> logic in different subsystems, which is error prone, plus those copies
>> will definitely diverge with time.
>>
>> Does anyone have any idea on how to best implement such a requirement?
>
>
> phosphor-dbus-monitor has event monitoring support. You can specify
> via build-time config (YAML files) what D-Bus interfaces/properties
> you're interested in, and a corresponding "event" D-Bus object is
> created under the /events/<event_category>/ namespace. This was
> implemented via
> https://github.com/openbmc/openbmc/issues/2254.
>
> This doesn't address all of the concerns you've mentioned above in
> terms of the amount of data that can be logged. It helps specify the
> properties of interest though, and the event D-Bus objects are
> persisted upto a certain limit.
In fact it doesn't address even more. D-Bus doesn't have any accounting
information in its events/signals. phosphor-dbus-monitor is a great
thing, but it has no clue as to who (which user from which IP address)
has requested a HostTransition to 'off', etc.

It would be great if we weren't using D-Bus at all or if we had all user
interfaces connected to some central hub so that accounting information
was available to that hub and it could log all user requests before
translating them further to D-Bus.

Don't IBM, Google, Intel and other big guys want to log user actions?
It's quite strange to not have this functionality in OpenBMC and, what
is more important, not have the architectural possibility to properly
(in a single place) implement it. It feels like I'm just missing something.

Alexander.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20180601/7c40d798/attachment-0001.sig>


More information about the openbmc mailing list