Documentation
Overview
Package files provides types and functions related to the various files created and/or used by this application
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
func ProcessDisableEvent
func ProcessDisableEvent(
    alert events.SplunkAlertEvent,
    disabledUsers *DisabledUsers,
    reportedUserEventsLog *ReportedUserEventsLog,
    ignoredSources IgnoredSources,
    notifyWorkQueue chan<- events.Record,
    terminateSessions bool,
    ezproxyActiveFilePath string,
    ezproxySessionsSearchDelay int,
    ezproxySessionSearchRetries int,
    ezproxyExecutable string,
)
ProcessDisableEvent receives a care-package of configuration settings, the original alert, a channel to send event records on and values representing the disabled users and reported user events log files. This function handles orchestration of multiple actions taken in response to the received alert and request to disable a user account (and disable the associated sessions). This function returns a collection of
TODO: This function and those called within are *badly* in need of refactoring.
Types
type DisabledUsers
type DisabledUsers struct {
    FlatFile

    // EntrySuffix is the string that is appended after every username added
    // to the disabled users file in order to deny login access.
    EntrySuffix string

    // Template is a parsed template representing the line written to this
    // file when a user account is disabled.
    Template *template.Template
}
DisabledUsers represents the text file that EZproxy monitors for user accounts that should not be allowed to log in. This application is responsible for recording in this file the user accounts that it receives via alert payloads and that are not otherwise excluded by the "ignored" user accounts or IP Addresses lists.
TODO: Consider singular vs plural naming `DisabledUsers` vs `DisabledUser`
func NewDisabledUsers
func NewDisabledUsers(path string, entrySuffix string, permissions os.FileMode) *DisabledUsers
NewDisabledUsers constructs a DisabledUsers type with parsed template already set.
type FlatFile
type FlatFile struct {
    // FileOwner represents the OS user account that owns this file
    FileOwner string

    // FileGroup represents the OS user group with defined permissions for this
    // file
    FileGroup string

    // FilePermissions represents the classic POSIX read, write, execute bits
    // granting (or denying) access to a file/directory. Because this file
    // *IS* read by EZproxy, the permissions on this file should permit
    // *read* access by that daemon's user/group.
    FilePermissions os.FileMode

    // FilePath is the fully-qualified path to the disabled users file created
    // and managed by this application.
    FilePath string
}
FlatFile represents a text file that this application is responsible for populating. This includes the disable users file and the events log file parsed by fail2ban.
type IgnoredSources
type IgnoredSources struct {
    IgnoredUsersFile       string
    IgnoredIPAddressesFile string
    IgnoreLookupErrors     bool
}
IgnoredSources represents the various sources of "safe" or "ignore" entries for this application. This includes user account names and client IP Addresses.
func NewIgnoredSources
func NewIgnoredSources(
    ignoredUsersFile string,
    ignoredIPAddressesFile string,
    ignoreLookupErrors bool,
) IgnoredSources
NewIgnoredSources constructs an IgnoredSources type
type ReportedUserEventsLog
type ReportedUserEventsLog struct {
    FlatFile

    // ReportTemplate is a parsed template representing the log line written
    // when a user account is reported via alert payload. This entry occurs
    // regardless of whether an account is eventually ignored or disabled.
    ReportTemplate *template.Template

    // DisableFirstEventTemplate is a parsed template representing the log
    // line written when a user account is reported the first time via alert
    // payload and the user account is disabled.
    DisableFirstEventTemplate *template.Template

    // DisableRepeatEventTemplate is a parsed template representing the log
    // line written when a user account is reported via alert payload again
    // after the user account is already disabled.
    DisableRepeatEventTemplate *template.Template

    // IgnoreTemplate is a parsed template representing the log line written
    // when a user account is reported via alert payload and the user account
    // or associated IP Address is ignored due to its presence in either the
    // specified "safe" or "ignored" user accounts file or IP Addresses file.
    IgnoreTemplate *template.Template

    // TerminateUserSessionEventTemplate is a parsed template representing the
    // log line written when a user account is reported via alert payload and
    // an associated user session is terminated. There may be multiple log
    // lines, one for each active user session associated with the username.
    TerminateUserSessionEventTemplate *template.Template
}
ReportedUserEventsLog represents a log file where this application records that a user account was reported and what action was taken. Actions include ignoring user accounts because they're in an external "safe" or "ignore" list (to prevent unintentional access disruption) and disabling user accounts (writing entries to `DisabledUsersFile`). This log file is intended to be human-readable, but also parsable by external tooling so that automatic actions can be performed (e.g., temporary banning of associated IP Addresses).
TODO: Consider singular vs plural naming `ReportedUserEventsLog` vs `ReportedUserEvents` vs `ReportedUserEvent`
func NewReportedUserEventsLog
func NewReportedUserEventsLog(path string, permissions os.FileMode) *ReportedUserEventsLog
NewReportedUserEventsLog constructs a ReportedUserEventsLog type with parsed templates already set.