[syslog] Add option to anonymize log entries after X days

Closes #3301
author: Simon Rettberg 2018-02-08 12:16:55 +0100
committer: Simon Rettberg 2018-02-08 12:16:55 +0100
commit: 798ff78db897fa44fa5d22847f6fec51069871ad (patch)
tree: e05da4a6f47886e4ecd200763d2c2217eac8e22f /modules-available/syslog
parent: [runmode] Fix error message if generic editor is not allowed, allow dnbd3 editor (diff)
download: slx-admin-798ff78db897fa44fa5d22847f6fec51069871ad.tar.gz
slx-admin-798ff78db897fa44fa5d22847f6fec51069871ad.tar.xz
slx-admin-798ff78db897fa44fa5d22847f6fec51069871ad.zip
3 files changed, 60 insertions, 0 deletions
diff --git a/modules-available/syslog/hooks/cron.inc.php b/modules-available/syslog/hooks/cron.inc.php
index bae882a9..62516648 100644
--- a/modules-available/syslog/hooks/cron.inc.php
+++ b/modules-available/syslog/hooks/cron.inc.php
@@ -1,7 +1,28 @@
 <?php
 
 if (mt_rand(1, 10) === 1) {
+	// Prune old entries
 	Database::exec("DELETE FROM clientlog WHERE (UNIX_TIMESTAMP() - 86400 * 190) > dateline");
+	// Anonymize if requested
+	$days = Property::get('syslog.anon-days', 0);
+	if ($days > 0) {
+		$cutoff = time() - ($days * 86400);
+		Database::exec("UPDATE clientlog SET description = '[root] User logged in'
+				WHERE $cutoff > dateline AND logtypeid = 'session-open' AND description NOT LIKE '[root] User %'");
+		Database::exec("UPDATE clientlog SET description = '[root] User logged out'
+				WHERE $cutoff > dateline AND logtypeid = 'session-close' AND description NOT LIKE '[root] User %'");
+		Database::exec("UPDATE clientlog SET description = '-', extra = ''
+				WHERE $cutoff > dateline AND description NOT LIKE '-'
+				AND logtypeid NOT IN ('session-open', 'session-close', 'idleaction-busy', 'partition-temp',
+					'partition-swap', 'smartctl-realloc', 'vmware-netifup', 'vmware-insmod', 'firewall-script-apply',
+					'mount-vm-tmp-fail')");
+		if (Module::get('statistics') !== false) {
+			Database::exec("UPDATE statistic SET username = 'anonymous'
+					WHERE $cutoff > dateline AND username NOT LIKE 'anonymous' AND username NOT LIKE ''");
+			Database::exec("UPDATE machine SET currentuser = NULL
+					WHERE $cutoff > lastseen AND currentuser IS NOT NULL");
+		}
+	}
 	if (mt_rand(1, 100) === 1) {
 		Database::exec("OPTIMIZE TABLE clientlog");
 	}
diff --git a/modules-available/syslog/page.inc.php b/modules-available/syslog/page.inc.php
index 153b591f..e63ada85 100644
--- a/modules-available/syslog/page.inc.php
+++ b/modules-available/syslog/page.inc.php
@@ -3,6 +3,9 @@
 class Page_SysLog extends Page
 {
 
+	const PROP_ANON_DAYS = 'syslog.anon-days'; // Copy in cronjob
+
+
 	protected function doPreprocess()
 	{
 		User::load();
@@ -11,6 +14,15 @@ class Page_SysLog extends Page
 			Message::addError('main.no-permission');
 			Util::redirect('?do=Main');
 		}
+		if (($days = Request::post('anondays', false, 'int')) !== false) {
+			if ($days < 0 || $days > 180) {
+				Message::addError('anon-days-out-of-range', $days);
+			} else {
+				Property::set(self::PROP_ANON_DAYS, $days);
+				Message::addSuccess('anon-days-saved');
+			}
+			Util::redirect('?do=syslog');
+		}
 	}
 
 	protected function doRender()
@@ -72,6 +84,7 @@ class Page_SysLog extends Page
 			'list'     => $lines,
 			'types'    => json_encode(array_values($types)),
 			'machineuuid' => Request::get('machineuuid'),
+			'anondays' => Property::get(self::PROP_ANON_DAYS, 0),
 		));
 	}
 
diff --git a/modules-available/syslog/templates/page-syslog.html b/modules-available/syslog/templates/page-syslog.html
index d4709456..585aa310 100644
--- a/modules-available/syslog/templates/page-syslog.html
+++ b/modules-available/syslog/templates/page-syslog.html
@@ -1,3 +1,6 @@
+<button type="button" class="btn btn-default pull-right" data-toggle="modal" data-target="#modal-settings">
+	<span class="glyphicon glyphicon-cog"></span> {{lang_settings}}
+</button>
 <h1>{{lang_clientLog}}</h1>
 <style type="text/css">
 	.selectize-dropdown {
@@ -74,6 +77,29 @@
 	</div>
 </div>
 
+<div id="modal-settings" class="modal fade" role="dialog">
+	<div class="modal-dialog">
+		<div class="modal-content">
+			<form method="post" action="?do=syslog">
+				<input type="hidden" name="token" value="{{token}}">
+				<div class="modal-header">
+					<button type="button" class="close" data-dismiss="modal">&times;</button>
+					<h4 class="modal-title"><b>{{lang_settings}}</b></h4>
+				</div>
+				<div class="modal-body">
+					<p>{{lang_anonDaysDescription}}</p>
+					<input type="number" name="anondays" value="{{anondays}}" min="0" max="180">
+				</div>
+				<div class="modal-footer">
+					<button type="button" class="btn btn-default" data-dismiss="modal">{{lang_cancel}}</button>
+					<button type="submit" class="btn btn-primary">{{lang_save}}</button>
+				</div>
+			</form>
+		</div>
+
+	</div>
+</div>
+
 <script type="application/javascript"><!--
 document.addEventListener('DOMContentLoaded', function () {
author	Simon Rettberg	2018-02-08 12:16:55 +0100
committer	Simon Rettberg	2018-02-08 12:16:55 +0100
commit	798ff78db897fa44fa5d22847f6fec51069871ad (patch)
tree	e05da4a6f47886e4ecd200763d2c2217eac8e22f /modules-available/syslog
parent	[runmode] Fix error message if generic editor is not allowed, allow dnbd3 editor (diff)
download	slx-admin-798ff78db897fa44fa5d22847f6fec51069871ad.tar.gz slx-admin-798ff78db897fa44fa5d22847f6fec51069871ad.tar.xz slx-admin-798ff78db897fa44fa5d22847f6fec51069871ad.zip