Interpreting log data
When logging to an external log server (logserver), we need to know what the data appearing in the log file means, because only then can we set up searches and alerts in the external system.
When logging to an external system, two parameters can be set: System log and/or Audit log.
System log
PassMan writes System log entries in standard syslog format; their form and content are as follows:
{system time} {passman node} {service}: {log message}
Audit log
Audit log entries show the operations and activities performed in Padmin and PassMan.
{system time} {passman node} {service}: {process name}(process id): {parameters in key = value}
The settings above determine which data PassMan writes to the log file.
In Padmin, under the Logs menu item, the PassMan logs submenu shows the data that goes into the log file.
A typical audit log entry looks like this:
Interpreting log lines
- id: unique identifier of the log entry
- category: classification of the operation
  - Job: operation executed in a job
  - None: operation not executed in a job
- type: type of the operation
- user_upn: name of the user performing the operation, in "username@domain" format.
  - The @local domain denotes internal users registered in PassMan.
  - Automatically running processes (operations not performed by a user) run as the 'auto@internal' user.
- user_address: IP address or server name of the user. Automatic tasks have 'localhost' as user address.
- activity_group: unique identifier of the operation group.
  - A value of None means the operation was not executed as part of a group.
  - Operation groups are used for Import, bulk delete and Target restore.
- entity_type: the type of element the operation ran on
  - Group: folder
  - Target: target device (server or web page)
  - Account: user account
- entity_name: the name of the element
  - NOT a unique identifier
- entity: unique identifier of the element
- entity_parent_name: name of the parent element of the element involved in the operation
- entity_parent_id: unique identifier of the parent element of the element involved in the operation
- entity_path: position of the element in the tree (visible on the left side of the PassMan UI)
  - For a private folder the position is described as: 'admin@local private/192.168.208.28/ad' (an element located in the private folder of the user named admin)
- start_timestamp: start time of the operation (unix epoch time, i.e. the number of seconds elapsed since 1970-01-01)
- failure, failure_code and failure_details are filled if the activity failed
- business_result: shows whether the operation succeeded or failed
  - Success: successful run
  - Failed: failed run
- details: additional information related to the operation
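Added example, not code from the PassMan documentation or product: a Python parser for audit lines in the format shown above (the header fields plus the key = value parameters described in the field list), followed by a few alert rules of the kind one would configure on the external logserver. The assumption that the key = value pairs are comma-separated, and the sample lines, are my own constructions.

```python
import re
from datetime import datetime, timezone

# Audit line layout from this page: "<time> <node> <service>: <process>(<pid>): <key = value pairs>".
# Assumption (mine): pairs are comma-separated; a quoted value (e.g. entity_path) may hold commas/spaces.
HEADER_RE = re.compile(
    r"^(?P<time>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<node>\S+) (?P<service>[^:]+): "
    r"(?P<process>[^(]+)\((?P<pid>\d+)\): (?P<params>.*)$"
)
PAIR_RE = re.compile(r"(\w+)\s*=\s*('[^']*'|\"[^\"]*\"|[^,]*)")

def parse_audit_line(line: str) -> dict:
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError("not a PassMan audit line: " + line[:60])
    rec = {k: m.group(k) for k in ("time", "node", "service", "process")}
    rec["pid"] = int(m.group("pid"))
    for key, val in PAIR_RE.findall(m.group("params")):
        rec[key] = val.strip().strip("'\"")
    # start_timestamp is unix epoch seconds; keep a timezone-aware datetime next to it
    if rec.get("start_timestamp", "").isdigit():
        rec["start_time"] = datetime.fromtimestamp(int(rec["start_timestamp"]), tz=timezone.utc)
    return rec

def alert_reason(rec: dict):
    # Rules a logserver search might use; returns why an entry is flagged, or None
    if rec.get("business_result") == "Failed":
        return f"failed {rec.get('type')} by {rec.get('user_upn')}: {rec.get('failure_code', '?')}"
    # The field list says automatic tasks run as auto@internal from localhost; anything else is odd
    if rec.get("user_upn") == "auto@internal" and rec.get("user_address") != "localhost":
        return "auto@internal activity from " + rec.get("user_address", "")
    if rec.get("type") in ("OpenVault", "AddVaultKey", "DeleteVaultKey"):
        return f"vault key operation {rec['type']} by {rec.get('user_upn')}"
    return None

# Constructed sample lines (not real PassMan output), following the layout above
SAMPLE_LINES = [
    "Jan 12 10:15:32 passman01 passman: audit(1234): id = 501, category = Job, type = CheckoutCredentials, "
    "user_upn = admin@local, user_address = 10.0.0.5, activity_group = None, entity_type = Account, "
    "entity_name = root, entity = 42, entity_path = 'admin@local private/192.168.208.28/ad', "
    "start_timestamp = 1700000000, business_result = Success, details = credential_type: password",
    "Jan 12 10:16:01 passman01 passman: audit(1234): id = 502, category = Job, type = OpenVault, "
    "user_upn = vaultadmin@local, user_address = 10.0.0.9, entity_type = None, "
    "start_timestamp = 1700000029, failure = True, failure_code = bad_key, business_result = Failed",
]

def scan(lines):
    # (id, reason) for every line that trips a rule
    recs = [parse_audit_line(ln) for ln in lines]
    return [(r["id"], why) for r in recs for why in [alert_reason(r)] if why]
```

Running `scan(SAMPLE_LINES)` flags only the failed OpenVault entry; the successful checkout parses cleanly, including the quoted entity_path.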
Operation types and the details data belonging to them
category | type | details | description |
---|---|---|---|
session | session_log | user: user attempting to log in; user_address: IP address of user; token_issued_at: when the auth token was issued to the user; token_expiry_time: when the auth token will expire; failure, failure_code; logout_time: when the user explicitly logged out on the UI | PassMan session has started / finished. |
job / account | CreateAccount | target: id of target; parameters of account | Create new account for the given target. |
job / account | UpdateAccount | account: id of account; parameters of account | Change the parameters of the account, like name, description etc. Credential changes are done by UpdateCredentials. |
job / account | DeleteAccount | account: id of account | Delete given account. |
job / account | CheckCredentials | account: id of account | Check the correctness of the credentials by logging in to the target in the background. |
job / account | DeleteCredentials | account: id of account; credential_types: password and/or ssh key | Delete given credentials of an account. |
job / account | CheckoutCredentials | account: id of account; credential_type: password or ssh key; exclusive_duration: time the account can't be checked out by others | Show the given credential to the user, who can use it to access the account manually. If an exclusive duration is given, PassMan ensures that other users won't be shown the credentials of this account. |
job / account | CheckinCredentials | account: id of account | If the credentials are checked out exclusively, this activity 'gives them back', allowing other users to check them out. If the exclusive duration of the checkout is up, this job runs automatically. |
job / account | LoginCheckoutCredentials | account: id of account; credential_type: password or ssh key; exclusive_duration: time the account can't be checked out by others; user agent: passman agent initiating the action | Similar to CheckoutCredentials, but the credentials are used to log in to the account without showing them to the user. This functionality needs a passman agent, which handles the automatic login. |
job / account | UpdateCredentials | account: id of account; credentials: password and/or ssh key to change, values not shown in log | Change the credentials of an account. The changes are not reflected on the target, only in PassMan. |
job / account | ResetCredentials | account: id of account; credentials: password and/or ssh key to change, values not shown in log | Change the credentials of an account. Unlike UpdateCredentials it changes them on the target system as well, therefore if the target is unreachable, or none of the current credentials are in sync, this will fail. |
job / account | ResetElevatedCredentials | target: id of target; accounts: ids of accounts of target; computers: names of windows servers where the service passwords will be changed | Change credentials of multiple accounts of the given target using a service account. It can also change the passwords of windows services running on other computers. |
job / target | CreateTarget | parent: id of group (folder) to create it in; target parameters | Create target. |
job / target | UpdateTarget | target: id of target; target parameters | Change target parameters. |
job / target | DeleteTarget | target: id of target | Delete given target. |
job / target | MoveTarget | target: id of target; destination group: id of group to move it to | Move the target to a different group (folder). Permissions to delete it from the current group and to create it in the destination group are required to succeed. |
job / target | RestoreAccounts | timestamp: time the accounts should be restored to; account: id of account; target: id of target | Target recovery restores the accounts to a previous state. This is useful if the target device was restored from a backup, and PassMan needs to be synchronized to this earlier state. |
job / folder | CreateGroup | name: name of group; parent: id of the group to create it in | Create group (folder). |
job / folder | UpdateGroup | group: id of group; name: new name of group; description: new description of group | Change group (folder) name and/or description. |
job / folder | DeleteGroup | group: id of group | Delete group (folder). |
job / folder | MoveGroup | group: id of group; parent: id of group to move it to | Move given group (folder) to another parent group. |
job / vault | OpenVault | key: vault username | Opens the vault, making sensitive data in the database accessible. Only users having a vault username and password can do that. If the vault is closed, most jobs will fail. |
job / vault | AddVaultKey | key: vault username | Add new vault user, which is independent from the login username and password. A user able to open the vault does not necessarily have login details to PassMan. |
job / vault | DeleteVaultKey | key: vault username | Delete vault user. |
job / policy | UpdateCredentialPolicy | credential_type: password or ssh key; policy: requirements for the credential; group: id of group; target: id of target; account: id of account | Change the policy the credentials have to conform to. |
job / policy | UpdateACL | acl: access control list (list of rules); group: id of group; target: id of target; account: id of account | Edit the ACL, which controls the permissions of the given entity. |
user man | AddUser | username; user parameters | Add new local user to access PassMan. |
user man | UpdateUser | username; user parameters | Change local user parameters. |
user man | DeleteUser | username | Delete given local user. |
user man | ChangePassword | username | Change password of given local user. |
user man | AddLocalGroup | name | Add local user group. |
user man | DeleteLocalGroup | name | Delete local user group. |
user man | UpdateLocalGroup | name | Change name of local group. |
user man | ForgotPassword | name; error_message | Send email to the given user about forgotten password. |
padmin / certificate | PadminGenerateSelfSignedCert | domain; country; state; company; city; admin_email | To have secure communication via https a certificate is needed. If the site does not have a properly signed certificate, a self-signed one can be generated. |
padmin / certificate | PadminUploadCert | - | Upload certificate dedicated to the site running PassMan. |
padmin / maintenance | PadminPassmanStart | - | Start PassMan, if it is stopped. After every start the vault admin needs to open the vault so that users can access sensitive data. |
padmin / maintenance | PadminPassmanStop | - | Stop PassMan, if it is running. |
padmin / maintenance | PadminPassmanRestart | - | Stop PassMan and then start it again. Some activities need PassMan restarted to let the changes take effect. |
padmin / maintenance | PadminPadminRestart | - | Restart the Padmin service on the virtual machine. |
padmin / maintenance | PadminShutdown | - | Shut down the virtual machine. It won't be accessible from Padmin anymore. |
padmin / maintenance | PadminShutdownCluster | - | Shut down all nodes of the cluster. |
padmin / maintenance | PadminReboot | - | Reboot the virtual machine. It might take a few minutes, during which it is not accessible from Padmin. |
padmin / maintenance | PadminRebootCluster | - | Reboot all nodes of the cluster. |
padmin / maintenance | PadminUpdateDatabaseIndexes | - | Update the database indexes of the PassMan database. It might be necessary after a database restore activity. |
padmin / update | PadminUpdatePassmanFile | upload_file | Update PassMan by uploading an update file. After that a restart is necessary. |
padmin / update | PadminUpdateFile | upload_file | Update Padmin by uploading an update file. After that a restart is necessary. |
padmin / update | PadminOsUpdate | upload_file | Update the operating system of the virtual machine. After that a reboot is necessary. In cluster mode it can update only one node, so the update process needs to be run three times, once on each node. |
padmin / data | PadminDatabaseBackup | filename_postfix | Back up the PassMan database. Backups are stored on the virtual machine. |
padmin / data | PadminDatabaseRestore | filename | Restore the PassMan database. It's a long process and might take several minutes to finish. After that, PassMan needs to be restarted. |
padmin / data | PadminDatabaseExport | filename | Export a database backup file by downloading it in the browser. Export files are encrypted. |
padmin / data | PadminDatabaseImport | db_dump_file | Import a previously exported database backup file. Importing does not restore it automatically, it just copies it to the virtual machine. |
padmin / data | PadminDeleteBackup | filename | Delete a backup file from the virtual machine. Old backups are not deleted automatically. |
padmin / data | PadminAutoBackup | - | Set daily automatic backup parameters. If an export destination is set, then backup files are encrypted (just like in the case of export), copied to the given destination and removed from the virtual machine. |
padmin / system settings | PadminNetwork | network parameters | Change the network settings of the virtual machine, like IP address, gateway, dns, search domains, static routes. If the changes make the virtual machine inaccessible via http, then there is no way to rescue it via Padmin. |
padmin / system settings | PadminLicense | - | Change the PassMan license. |
padmin / system settings | PadminAutoJobs | changed parameters | The following automatic jobs can be configured to run daily at a specific time: |
padmin / system settings | PadminAuthentication | - | Configure authentication methods to PassMan. Needs a PassMan restart to have the changes take effect. |
padmin / system settings | PadminEmail | parameters | Configure the email settings. |
padmin / system settings | PadminSecurity | changed parameters | Automatic ACL rule update for parent groups to ensure the user can view the entity he / she was given access to. |
padmin / system settings | PadminTime | changed parameters | Configure time zone and ntp servers. |
padmin / system settings | PadminSyslogServer | parameters | Configure the syslog server to send the system and audit log to. |
padmin / system settings | PadminZabbix | parameters | Configure the zabbix monitoring software. |
padmin / system settings | PadminDebugMode | changed parameters | Enable / disable debug mode to have a more detailed system log. It does not affect the audit log. |
padmin / system settings | PadminSwap | changed parameters | Increase the size of the swap file. It can't be decreased. |
padmin / system settings | PadminPmsl | changed parameters | Configure how the PMSL (PassMan Secure Login tool) will be used to log in to targets directly from the PassMan UI. |
padmin / system settings | PadminRemoteLogin | changed parameters | Enable / disable ssh access to the virtual machine. |
padmin / system settings | PadminConfigExport | - | Export all Padmin settings to an encrypted file and offer it for download. |
padmin / system settings | PadminConfigImport | conf_file | Import all Padmin settings from a previously exported file. |