[asterisk-dev] [Code Review] Security Event Framework Proposal

Fri Jun 5 17:25:41 CDT 2009

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://reviewboard.digium.com/r/273/
-----------------------------------------------------------

(Updated 2009-06-05 17:25:40.965487)

Review request for Asterisk Developers.

Changes
-------

Update diff to include missing res_security_log.c

Summary
-------

The included changes include a proposal for a security event framework for Asterisk.  The document "security_events.txt" contains the proposal.  The associated code is a partial implementation of the proposal.  Everything that is there is ready for review.  There are still more events to expose, and then modifications to chan_sip (at least) to generate them before it's fully ready for trunk, though.

Diffs (updated)
-----

  /trunk/channels/chan_sip.c 199328 
  /trunk/include/asterisk/event_defs.h 199328 
  /trunk/include/asterisk/security_events.h PRE-CREATION 
  /trunk/include/asterisk/security_events_defs.h PRE-CREATION 
  /trunk/main/event.c 199328 
  /trunk/main/security_events.c PRE-CREATION 
  /trunk/res/res_security_log.c PRE-CREATION 
  /trunk/security_events.txt PRE-CREATION 
  /trunk/tests/test_security_events.c PRE-CREATION 

Diff: http://reviewboard.digium.com/r/273/diff

Testing
-------

A test module has been written to generate security events.  You can run the test command and verify that the events come out in the custom security log channel, demonstrating the documented security log format:

Here is some example output:

*CLI> securityevents test generation

...

SECURITY[17921]: res_security_log.c:125 security_event_cb: SecurityEvent="FailedACL",Service="TEST",EventVersion="1",AccountID="Username",SessionID="Session123",LocalAddress="IPV4/UDP/192.168.1.1/12121",RemoteAddress="IPV4/UDP/192.168.1.2/12345",Module="test_security_events",ACLName="TEST_ACL",SessionTV="1244131376-695232"

...

Thanks,

Russell