Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Initial work on adding audit capabilities to lottip #12

Open
wants to merge 26 commits into
base: master
Choose a base branch
from
Open

Initial work on adding audit capabilities to lottip #12

wants to merge 26 commits into from

Conversation

rkoshy
Copy link

@rkoshy rkoshy commented Jun 24, 2022

This is not meant to be clean code -- it's structurally sound, but was more interested in getting something working for our needs. It may be worth cleaning up.

  1. Added packetization and processing code so that individual packets could be analyzed, rather than entire TCP buffers. This also accounts for partial packets in the stream.
  2. Beginnings of "Stateful Packet" inspection and logging of connection + user
  3. Blocks certain commands - should really be configurable.

brainz80 and others added 26 commits February 16, 2021 15:43
@brainz80
Updated pingPeriod and writeDeadlinePeriod
6a59be4
@brainz80
Updated Dockerfile
b250cb5
@brainz80
Added .gitattributes to docker -folder
47060c2
@brainz80
Update run.sh
6fa5f0e
@brainz80
Replaced imports
6869848
@brainz80
Updated title
8e0e02a
@brainz80
Added prism
f5e18c5
@brainz80
Add log to request and response
68a5a19
@brainz80
Fix run.sh to run lottip from /root/go/bin
bfcb813
@brainz80
Remove src
3d89e89
@rkoshy
Major refactoring and reworking
78b28e0 
Added the concept of connection states.
Contextual info is kept in a connection specific object.
Drastic changes to the way messages from the server are parsed.
Formatted logs to capture activity including connection, user, etc in each line - this is critical for PCI auditing
@rkoshy
Significant refactoring & cleanup to allow proper logging of queries …
026723f 
…and responses w/o actually logging the server data.
@rkoshy
Changed some defaults for the CLI
99dc6ac
@rkoshy
Minor cleanup to remove unnecessary exports
5813b1c
@rkoshy
Added the go module file
32ba19f
@rkoshy
Added the ability to enable and customize the logfiles [default to wr…
af7a916 
…iting to logs only]
@rkoshy
Updated the docker run script
0b24b00
@rkoshy
fixed the console logging flag in the run script
73fa4cb
@rkoshy
Fixed the Dockerfile
b312afd
@rkoshy
Updated to use cross platform file times lib
b3df05e
@rkoshy
Rolled back changes to the file time
069b0e7
@rkoshy
Commented out file rotation for now
3f27789
@rkoshy
Fixed the run.sh
e7bfcbb
@rkoshy
Changed the way file rolling works. Added support for sending OK pack…
627c2ee 
…et from client to server
@rkoshy
Fixed packet logging to support logging packets in either direction
7642af0
@rkoshy
Fixed the server handshake parsing/forcing of uncompressed protocol
1668972
@orderbynull
Copy link
Owner

Thanks for your PR! I'll examine it carefully, clean it up if necessary, test and merge it. I'll keep you updated.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rkoshy @orderbynull @brainz80