
Example 1 with SystemAuditRecord

use of password.pwm.svc.event.SystemAuditRecord in project pwm by pwm-project.

the class IntruderManager method mark.

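/**
 * Records one intruder attempt against {@code subject}, submits the matching audit event,
 * and then enforces the lock check and the delay penalty for that subject.
 *
 * <p>Order of operations: the attempt is counted first, the attempt audit event is submitted,
 * and only then is {@code check(recordType, subject)} called. If the check throws, the lock
 * audit event, alert and statistics are emitted once per subject (guarded by
 * {@code isAlerted}/{@code markAlerted}) and the exception is rethrown.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@code subject} is caller-supplied and is concatenated into log lines as-is.
 *       NOTE(review): confirm the logger neutralises CR/LF and other control characters.</li>
 *   <li>Loopback, wildcard and link-local addresses are never tracked. NOTE(review): if the
 *       application is deployed behind a reverse proxy, confirm callers pass the resolved client
 *       address; otherwise address-based tracking would be skipped for every request.</li>
 *   <li>The {@code isAlerted}/{@code markAlerted} pair is a check-then-act sequence; nothing
 *       visible in this method makes it atomic, so concurrent attempts may presumably emit
 *       duplicate lock events. TODO confirm against RecordManager.</li>
 * </ul>
 *
 * @param recordType   kind of subject being tracked; must not be {@code null}
 * @param subject      value being tracked; a {@code null} or empty value is ignored
 * @param sessionLabel session context passed to audit records, alerts and the delay penalty;
 *                     may be {@code null}
 * @throws IllegalArgumentException  if {@code recordType} is {@code null}
 * @throws PwmUnrecoverableException rethrown from {@code check(recordType, subject)} after the
 *                                   lock events are emitted; other calls made here may also
 *                                   raise it
 */
public void mark(final RecordType recordType, final String subject, final SessionLabel sessionLabel) throws PwmUnrecoverableException {
    if (recordType == null) {
        throw new IllegalArgumentException("recordType is required");
    }
    if (subject == null || subject.isEmpty()) {
        return;
    }
    if (recordType == RecordType.ADDRESS) {
        try {
            // getByName() parses IP literals directly but performs a name-service lookup for
            // anything else. NOTE(review): confirm ADDRESS subjects are always IP literals.
            final InetAddress inetAddress = InetAddress.getByName(subject);
            if (inetAddress.isAnyLocalAddress() || inetAddress.isLoopbackAddress() || inetAddress.isLinkLocalAddress()) {
                LOGGER.debug("disregarding local address intruder attempt from: " + subject);
                return;
            }
        } catch (Exception e) {
            // Best effort: an address that cannot be examined is still tracked below, so a
            // malformed value cannot be used to skip the intruder counter. The cause is logged
            // so that resolution failures can be diagnosed.
            LOGGER.error("error examining address: " + subject + ", error: " + e.getMessage());
        }
    }
    final RecordManager manager = recordManagers.get(recordType);
    manager.markSubject(subject);
    if (recordType == RecordType.USER_ID) {
        final UserIdentity userIdentity = UserIdentity.fromKey(subject, pwmApplication);
        final UserAuditRecord auditRecord = new AuditRecordFactory(pwmApplication).createUserAuditRecord(AuditEvent.INTRUDER_USER_ATTEMPT, userIdentity, sessionLabel);
        pwmApplication.getAuditManager().submit(auditRecord);
    } else {
        // send intruder attempt audit event
        final String message = makeIntruderAuditMessage(recordType, subject);
        final SystemAuditRecord auditRecord = new AuditRecordFactory(pwmApplication).createSystemAuditRecord(AuditEvent.INTRUDER_ATTEMPT, message);
        pwmApplication.getAuditManager().submit(auditRecord);
    }
    try {
        check(recordType, subject);
    } catch (PwmUnrecoverableException e) {
        // The check failed for this subject: emit the lock event, alert and statistics once,
        // then let the original exception propagate to the caller.
        if (!manager.isAlerted(subject)) {
            if (recordType == RecordType.USER_ID) {
                final UserIdentity userIdentity = UserIdentity.fromKey(subject, pwmApplication);
                final UserAuditRecord auditRecord = new AuditRecordFactory(pwmApplication).createUserAuditRecord(AuditEvent.INTRUDER_USER_LOCK, userIdentity, sessionLabel);
                pwmApplication.getAuditManager().submit(auditRecord);
                sendAlert(manager.readIntruderRecord(subject), sessionLabel);
            } else {
                // send intruder attempt lock event
                final String message = makeIntruderAuditMessage(recordType, subject);
                final SystemAuditRecord auditRecord = new AuditRecordFactory(pwmApplication).createSystemAuditRecord(AuditEvent.INTRUDER_LOCK, message);
                pwmApplication.getAuditManager().submit(auditRecord);
            }
            manager.markAlerted(subject);
            final StatisticsManager statisticsManager = pwmApplication.getStatisticsManager();
            if (statisticsManager != null && statisticsManager.status() == STATUS.OPEN) {
                statisticsManager.incrementValue(Statistic.INTRUDER_ATTEMPTS);
                statisticsManager.updateEps(EpsStatistic.INTRUDER_ATTEMPTS, 1);
                statisticsManager.incrementValue(recordType.getLockStatistic());
            }
        }
        throw e;
    }
    // Reached only when the check did not throw.
    delayPenalty(manager.readIntruderRecord(subject), sessionLabel);
}

/**
 * Builds the serialized message body shared by the system-level attempt and lock audit events.
 * Keys are inserted in a fixed order ("type", then "subject") so the output is stable.
 */
private static String makeIntruderAuditMessage(final RecordType recordType, final String subject) {
    final Map<String, Object> messageObj = new LinkedHashMap<>();
    messageObj.put("type", recordType);
    messageObj.put("subject", subject);
    return JsonUtil.serializeMap(messageObj);
}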
Also used : UserAuditRecord(password.pwm.svc.event.UserAuditRecord) UserIdentity(password.pwm.bean.UserIdentity) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) PwmException(password.pwm.error.PwmException) LinkedHashMap(java.util.LinkedHashMap) AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory) StatisticsManager(password.pwm.svc.stats.StatisticsManager) InetAddress(java.net.InetAddress) SystemAuditRecord(password.pwm.svc.event.SystemAuditRecord) Map(java.util.Map) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap)

Example 2 with SystemAuditRecord

use of password.pwm.svc.event.SystemAuditRecord in project pwm by pwm-project.

the class PwmApplication method postInitTasks.

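/**
 * Runs the best-effort tasks that follow application initialisation: configuration change
 * detection, startup auditing, diagnostic logging, clearing the config-manager intruder entry,
 * and (for non-internal runtime instances) keystore and Tomcat configuration output.
 *
 * <p>Every task is isolated in its own {@code try} block so that a failure in one does not
 * prevent the others from running.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Change detection compares the current configuration hash with the value previously
 *       stored as an application attribute, so it is only as trustworthy as that store.
 *       A missing stored hash (for example on first startup) is also reported as a
 *       modification.</li>
 *   <li>A failure of the change detection itself is logged at debug level only.
 *       NOTE(review): consider whether a lost detection signal deserves a higher level.</li>
 *   <li>NOTE(review): confirm that {@code toDebugString()} redacts secret settings before
 *       the configuration is written to the debug log.</li>
 * </ul>
 */
private void postInitTasks() {
    final Instant startTime = Instant.now();
    LOGGER.debug("loaded configuration: " + pwmEnvironment.getConfig().toDebugString());
    // detect if config has been modified since previous startup
    try {
        final String previousHash = readAppAttribute(AppAttribute.CONFIG_HASH, String.class);
        final String currentHash = pwmEnvironment.getConfig().configurationHash();
        if (previousHash == null || !previousHash.equals(currentHash)) {
            writeAppAttribute(AppAttribute.CONFIG_HASH, currentHash);
            LOGGER.warn("configuration checksum does not match previously seen checksum, configuration has been modified since last startup");
            if (this.getAuditManager() != null) {
                final String modifyMessage = "configuration was modified directly (not using ConfigEditor UI)";
                this.getAuditManager().submit(new AuditRecordFactory(this).createUserAuditRecord(AuditEvent.MODIFY_CONFIGURATION, null, null, modifyMessage));
            }
        }
    } catch (Exception e) {
        LOGGER.debug("unable to detect if configuration has been modified since previous startup: " + e.getMessage());
    }
    if (this.getConfig() != null) {
        final Map<AppProperty, String> nonDefaultProperties = getConfig().readAllNonDefaultAppProperties();
        if (nonDefaultProperties != null && !nonDefaultProperties.isEmpty()) {
            // Re-key by the property's string key so the trace output is readable.
            final Map<String, String> tempMap = new LinkedHashMap<>();
            for (final Map.Entry<AppProperty, String> entry : nonDefaultProperties.entrySet()) {
                tempMap.put(entry.getKey().getKey(), entry.getValue());
            }
            LOGGER.trace("non-default app properties read from configuration: " + JsonUtil.serializeMap(tempMap));
        } else {
            LOGGER.trace("no non-default app properties in configuration");
        }
    }
    // send system audit event
    try {
        // The audit manager is treated as optional by the change-detection step above, so it is
        // guarded here as well; previously a null manager raised an uncaught
        // NullPointerException and skipped every remaining task.
        if (getAuditManager() != null) {
            final SystemAuditRecord auditRecord = new AuditRecordFactory(this).createSystemAuditRecord(AuditEvent.STARTUP, null);
            getAuditManager().submit(auditRecord);
        } else {
            LOGGER.warn("unable to submit start alert event, audit manager is not available");
        }
    } catch (PwmException e) {
        LOGGER.warn("unable to submit start alert event " + e.getMessage());
    }
    try {
        final Map<PwmAboutProperty, String> infoMap = PwmAboutProperty.makeInfoBean(this);
        LOGGER.trace("application info: " + JsonUtil.serializeMap(infoMap));
    } catch (Exception e) {
        LOGGER.error("error generating about application bean: " + e.getMessage(), e);
    }
    try {
        // Presumably resets any intruder state accumulated for the config-manager login name;
        // this runs on every startup. NOTE(review): confirm that a restart discarding that
        // state is intended.
        this.getIntruderManager().clear(RecordType.USERNAME, PwmConstants.CONFIGMANAGER_INTRUDER_USERNAME);
    } catch (Exception e) {
        LOGGER.warn("error while clearing configmanager-intruder-username from intruder table: " + e.getMessage());
    }
    if (!pwmEnvironment.isInternalRuntimeInstance()) {
        try {
            outputKeystore(this);
        } catch (Exception e) {
            LOGGER.debug("error while generating keystore output: " + e.getMessage());
        }
        try {
            outputTomcatConf(this);
        } catch (Exception e) {
            LOGGER.debug("error while generating tomcat conf output: " + e.getMessage());
        }
    }
    LOGGER.trace("completed post init tasks in " + TimeDuration.fromCurrent(startTime).asCompactString());
}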
Also used : Instant(java.time.Instant) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) PwmException(password.pwm.error.PwmException) IOException(java.io.IOException) LinkedHashMap(java.util.LinkedHashMap) PwmException(password.pwm.error.PwmException) AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory) Map(java.util.Map) LinkedHashMap(java.util.LinkedHashMap) SystemAuditRecord(password.pwm.svc.event.SystemAuditRecord)

Aggregations

LinkedHashMap (java.util.LinkedHashMap)2 Map (java.util.Map)2 PwmException (password.pwm.error.PwmException)2 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)2 AuditRecordFactory (password.pwm.svc.event.AuditRecordFactory)2 SystemAuditRecord (password.pwm.svc.event.SystemAuditRecord)2 ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)1 IOException (java.io.IOException)1 InetAddress (java.net.InetAddress)1 Instant (java.time.Instant)1 HashMap (java.util.HashMap)1 UserIdentity (password.pwm.bean.UserIdentity)1 UserAuditRecord (password.pwm.svc.event.UserAuditRecord)1 StatisticsManager (password.pwm.svc.stats.StatisticsManager)1