mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-19 05:31:10 +02:00
Code Issues Projects Releases Wiki Activity
4,755 Commits 2,844 Branches 445 Tags
Commit Graph

26 Commits

Author SHA1 Message Date
Laura Bennett
7def50799b address latest feedback 2016-10-10 11:58:26 -04:00
Laura Bennett
a8813c4ff2 changes for 'mode' 2016-10-08 19:52:49 -04:00
Laura Bennett
635873cf4a initial commit for adding audit file permission changes 2016-10-07 15:09:32 -04:00
Jeff Mitchell
81cdd76a5c Adds HUP support for audit log files to close and reopen. (#1953) 
Adds HUP support for audit log files to close and reopen. This makes it
much easier to deal with normal log rotation methods.

As part of testing this I noticed that HUP and other items that come out
of command/server.go are going to stderr, which is where our normal log
lines go. This isn't so much problematic with our normal output but as
we officially move to supporting other formats this can cause
interleaving issues, so I moved those to stdout instead.
 2016-09-30 12:04:50 -07:00
Jeff Mitchell
8482118ac6 Transit and audit enhancements 2016-09-21 10:49:26 -04:00
Jeff Mitchell
e65b48a7e4 Actually show the error occurring if a file audit log can't be opened 2016-08-15 16:26:36 -04:00
Jeff Mitchell
47dc1ccd25 Add token accessor to wrap information if one exists 2016-06-13 23:58:17 +00:00
vishalnayak
4d28fa38c4 Read from 'path' to retain backward compatibility 2016-03-15 20:05:51 -04:00
vishalnayak
bac4fe0799 Rename id to path and path to file_path, print audit backend paths 2016-03-14 17:15:07 -04:00
Jeff Mitchell
9609f4bb78 s/hash_accessor/hmac_accessor/g 2016-03-14 14:52:29 -04:00
vishalnayak
51847a6b25 Use accessor being set as the condition to restore non-hashed values 2016-03-14 11:23:30 -04:00
vishalnayak
ac0639d5bc Added hash_accessor option to audit backends 2016-03-11 19:28:06 -05:00
Jeff Mitchell
49d525ebf3 Reintroduce the ability to look up obfuscated values in the audit log 
with a new endpoint '/sys/audit-hash', which returns the given input
string hashed with the given audit backend's hash function and salt
(currently, always HMAC-SHA256 and a backend-specific salt).

In the process of adding the HTTP handler, this also removes the custom
HTTP handlers for the other audit endpoints, which were simply
forwarding to the logical system backend. This means that the various
audit functions will now redirect correctly from a standby to master.
(Tests all pass.)

Fixes #784
 2015-11-18 20:26:03 -05:00
Jeff Mitchell
8cf0d1444a If we fail to open a file path, show which it is in the error output 2015-10-30 14:30:21 -04:00
Jeff Mitchell
1a22cb0b12 Expand HMAC support in Salt; require an identifier be passed in to specify type but allow generation with and without. Add a StaticSalt ID for testing functions. Fix bugs; unit tests pass. 2015-09-18 17:38:30 -04:00
Jeff Mitchell
a4ca14cfbc Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash. 2015-09-18 17:38:22 -04:00
Jeff Mitchell
989b33483b Ensure that the 'file' audit backend can successfully open its given path before returning success. Fixes #550. 2015-08-26 09:13:10 -07:00
Armon Dadgar
b8754e740c audit: properly restore TLS state 2015-07-08 16:45:15 -06:00
Armon Dadgar
b49683a40b audit: fixing panic caused by tls connection state. Fixes #322 2015-06-29 17:16:17 -07:00
Nate Brown
71a738ad7d Logging authentication errors and bad token usage 2015-06-18 18:30:18 -07:00
Armon Dadgar
70ae9323e2 audit/file: Create file if it does not exist. Fixes #148 2015-05-06 11:33:06 -07:00
Armon Dadgar
1530403a04 audit/file: add log_raw parameter and default to hashing 2015-04-27 15:56:41 -07:00
Armon Dadgar
79d0c0affe audit/file: Attempt to create directory path. Fixes #38 2015-04-27 12:40:32 -07:00
Mitchell Hashimoto
8cab481400 audit/file: append 2015-04-19 22:43:39 -07:00
Mitchell Hashimoto
164335cfd8 audit/file: use JSON formatter to write output 2015-04-13 14:12:14 -07:00
Mitchell Hashimoto
2b12d51d70 builtin/audit: add file audit 2015-04-04 18:10:25 -07:00