[asterisk-dev] [Code Review] Security Event Framework Proposal

Russell Bryant russell at digium.com
Tue Jun 9 08:21:50 CDT 2009


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://reviewboard.digium.com/r/273/
-----------------------------------------------------------

(Updated 2009-06-09 08:21:50.039989)


Review request for Asterisk Developers.


Changes
-------

Updating description with my notes regarding what is left before the patch is trunk-ready.


Summary (updated)
-------

The included changes include a proposal for a security event framework for Asterisk.  The document "security_events.txt" contains the proposal.  The associated code is an implementation of the proposal.

Here is what is left, in my opinion, before this can be merged into trunk:

1) Some code review.  :-)

2) I started to modify chan_sip, but now I think we should leave those modifications out of this patch completely.  Finding all of the right places to report this information from chan_sip is complex enough that I think we should handle it as its own patch as a second phase.  Similarly, while custom events from the dialplan are in the proposal, I would like to handle that in a different patch.
  
3) I would like to move the information currently in security_events.txt into the Asterisk documentation set in doc/tex/.

4) It would be a good idea to test some of the modified code paths for the manager interface.


Diffs
-----

  /trunk/channels/chan_sip.c 199738 
  /trunk/include/asterisk/event_defs.h 199738 
  /trunk/include/asterisk/security_events.h PRE-CREATION 
  /trunk/include/asterisk/security_events_defs.h PRE-CREATION 
  /trunk/main/event.c 199738 
  /trunk/main/manager.c 199738 
  /trunk/main/security_events.c PRE-CREATION 
  /trunk/res/res_security_log.c PRE-CREATION 
  /trunk/security_events.txt PRE-CREATION 
  /trunk/tests/test_security_events.c PRE-CREATION 

Diff: http://reviewboard.digium.com/r/273/diff


Testing
-------

A test module has been written to generate security events.  You can run the test command and verify that the events come out in the custom security log channel, demonstrating the documented security log format.

Here is some example output:

*CLI> securityevents test generation

...

SECURITY[17921]: res_security_log.c:125 security_event_cb: SecurityEvent="FailedACL",Service="TEST",EventVersion="1",AccountID="Username",SessionID="Session123",LocalAddress="IPV4/UDP/192.168.1.1/12121",RemoteAddress="IPV4/UDP/192.168.1.2/12345",Module="test_security_events",ACLName="TEST_ACL",SessionTV="1244131376-695232"

...


Thanks,

Russell
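
The following is an added example, not part of the original message or of the Asterisk patch: a log consumer that parses the security log line shown under "Testing" and counts events per remote host. The field layout (comma-separated Key="value" pairs, addresses as family/transport/host/port, no double quotes inside values) is inferred from that single sample line and is an assumption, as are the function names.

```python
import re
from collections import Counter

# Line copied from the example output in the message above.
SAMPLE = ('SECURITY[17921]: res_security_log.c:125 security_event_cb: '
          'SecurityEvent="FailedACL",Service="TEST",EventVersion="1",'
          'AccountID="Username",SessionID="Session123",'
          'LocalAddress="IPV4/UDP/192.168.1.1/12121",'
          'RemoteAddress="IPV4/UDP/192.168.1.2/12345",'
          'Module="test_security_events",ACLName="TEST_ACL",'
          'SessionTV="1244131376-695232"')

# Assumptions: prefix is "SECURITY[pid]: file:line func: "; values hold no '"'.
PREFIX = re.compile(r'SECURITY\[\d+\]: \S+ \w+: (.*)$')
PAIR = re.compile(r'(\w+)="([^"]*)"')

def parse_address(value):
    """Split family/transport/host/port (layout inferred from the sample)."""
    family, transport, host, port = value.split("/")
    return {"family": family, "transport": transport, "host": host, "port": int(port)}

def parse_event(line):
    """Return a dict of fields, or None if the line is not a clean security event."""
    m = PREFIX.search(line.strip())
    if not m:
        return None
    body = m.group(1)
    pairs = PAIR.findall(body)
    event = dict(pairs)
    # Reject lines with leftover text between pairs instead of guessing at them.
    if "SecurityEvent" not in event or ",".join(f'{k}="{v}"' for k, v in pairs) != body:
        return None
    try:
        for key in ("LocalAddress", "RemoteAddress"):
            if key in event:
                event[key] = parse_address(event[key])
    except ValueError:  # wrong number of address parts or non-numeric port
        return None
    return event

def failures_by_remote(lines, event_type="FailedACL"):
    """Count events of one type per remote host, skipping unparseable lines."""
    counts = Counter()
    for line in lines:
        ev = parse_event(line)
        if ev and ev["SecurityEvent"] == event_type and "RemoteAddress" in ev:
            counts[ev["RemoteAddress"]["host"]] += 1
    return counts
```

Lines that do not round-trip exactly through the pair pattern are dropped rather than partially parsed, so a field that breaks the assumed quoting cannot inject extra keys into the parsed event.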



