84eed2a frontend: add systemd journal audit of executed API commands

9 files Authored by abbra 8 months ago, Committed by rcritten 8 months ago,
    frontend: add systemd journal audit of executed API commands
    
    For each executed command in server context, send the information about
    the command to the systemd journal. The resulting string is similar to
    what is recored in httpd's error_log for API requests coming through the
    RPC layer.
    
    In server mode operations are performed directly on the server over
    LDAPI unix domain socket, so httpd end-point is not used and therefore
    operations aren't recorded in the error_log.
    
    With this change any IPA API operation is sent as an audit event to the
    journal, alog with additional information collected by the journald
    itself.
    
    To aid with identification of these messages, an application name is
    replaced with IPA.API and the actual name from api.env.script is made a
    part of the logged message. The actual application script name is
    available as part of the journal metadata anyway.
    
    If no Kerberos authentication was used but rather LDAPI autobind was in
    use, the name of the authenticated principal will be replaced with
    [autobind].
    
    Messages sent with syslog NOTICE priority.
    
    More information is available in the design document 'audit-ipa-api.md'
    
    Fixes: https://pagure.io/freeipa/issue/9589
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
    
        
file modified
+52 -1
file modified
+7 -0
file modified
+1 -0
file modified
+6 -0
file modified
+4 -0
file modified
+3 -0
file modified
+74 -5