#9589 add systemd journal audit of executed API commands
Closed: fixed 8 months ago by rcritten. Opened 8 months ago by abbra.

For each executed command in server context, send the information about the command to the systemd journal. The resulting string is similar to what is recorded in httpd's error_log for API requests coming through the RPC layer.

In server mode operations are performed directly on the server over LDAPI unix domain socket, so httpd end-point is not used and therefore operations aren't recorded in the error_log. httpd end-point internally also uses the server context, thus all externally performed IPA API requests would also be recorded in the system journal.


master:

  • fd0f432 ipalib: move json formatter to a separate file
  • 145e331 ipalib/rpc: Reformat after moving json code around
  • 84eed2a frontend: add systemd journal audit of executed API commands

ipa-4-11:

  • 394fcf9 ipalib: move json formatter to a separate file
  • 6b30133 ipalib/rpc: Reformat after moving json code around
  • 2e75f56 frontend: add systemd journal audit of executed API commands

ipa-4-10:

  • 1c86ef4 ipalib: move json formatter to a separate file
  • c0bcca0 ipalib/rpc: Reformat after moving json code around
  • 378320d frontend: add systemd journal audit of executed API commands
  • 568d422 tox: allow systemd-python in tox environment
  • 5f5c654 Force python 3.11 in tox environments

ipa-4-9:

  • b6a5767 ipalib: move json formatter to a separate file
  • 1c72ab6 ipalib/rpc: Reformat after moving json code around
  • 025f446 frontend: add systemd journal audit of executed API commands
  • 401987e Tox: use sitepackages
  • 0e96d9f tox: allow systemd-python in tox environment
  • ea93ef9 Force python 3.10 in tox environments

Metadata Update from @rcritten:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

8 months ago

Metadata Update from @abbra:
- Custom field changelog adjusted to FreeIPA now audits all IPA API calls through systemd journal on IPA servers. For details please see design page https://freeipa.readthedocs.io/en/latest/designs/audit-ipa-api.html

8 months ago

Log in to comment on this ticket.

Metadata