diff --git a/Cargo.lock b/Cargo.lock index ebf232f..d38242f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1986,6 +1986,7 @@ name = "watchdog" version = "0.1.0" dependencies = [ "base64", + "chrono", "clap", "error-chain", "nix", diff --git a/Cargo.toml b/Cargo.toml index a09c574..280a0cc 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -18,6 +18,7 @@ toml_edit="0.1.5" nix = "0.9.0" openssl = "0.10" openssl-sys = "0.9.58" +chrono = "0.4" [[ bin ]] name = "watchdog" diff --git a/src/auth.rs b/src/auth.rs index 249f555..f071074 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -13,9 +13,10 @@ use lib::utils::AUTH_LOG_PATH; pub fn handle_auth(ssh_host_username: &str, ssh_key: &str) -> Result<()> { let config = read_config()?; init(&config)?; - + logger::logln(&format!("ssh_key in handle_auth: {}", ssh_key)); match validate_user(&config, ssh_host_username.to_string(), ssh_key) { Ok(true) => { + logger::logln("User validated"); let data = format!( "ssh_host_username = '{}'\nssh_key = '{}'\n", ssh_host_username, ssh_key @@ -23,16 +24,23 @@ pub fn handle_auth(ssh_host_username: &str, ssh_key: &str) -> Result<()> { fs::write("/opt/watchdog/ssh_env", data) .chain_err(|| "Cannot write temporary environment file. Please check if the watchdog `auth_keys_cmd` is run by the root user")?; - + logger::logln("Temporary environment file written"); println!("{}", ssh_key); + let name = get_name(&config, ssh_key)?; + if let Err(e) = logger::log(AUTH_LOG_PATH, "SUCCESS", &format!("User: {}", name)) { + println!("Failed to log: {}", e); + } + logger::logln("Logging successful"); Ok(()) } Ok(false) => { + logger::logln("User not validated"); let name = get_name(&config, ssh_key)?; - if let Err(e) = logger::log(AUTH_LOG_PATH, "SUCCESS", &format!("User: {}", name)) { + if let Err(e) = logger::log(AUTH_LOG_PATH, "Failed", &format!("User: {}", name)) { println!("Failed to log: {}", e); } + logger::logln("Logging failed"); match fork() { Ok(ForkResult::Parent { .. }) => {} Ok(ForkResult::Child) => { 
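Review bot: The new `chrono = "0.4"` line in Cargo.toml pulls the crate in with its default features, although the only use in this commit is formatting a UTC timestamp in src/lib/logger.rs. This binary appears to be run as root from sshd and PAM (see the `auth_keys_cmd` message in src/auth.rs), so a narrower requirement keeps the added code small: `chrono = { version = "0.4", default-features = false, features = ["std"] }`. Confirm that this feature set still builds against the version recorded in Cargo.lock before adopting it.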
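Review bot: The added `logger::logln(&format!("ssh_key in handle_auth: {}", ssh_key))` at the top of `handle_auth` writes the offered key to the debug log before `validate_user` has run and without the username. The same key is logged again in src/main.rs (hunk `@@ -104,13 +105,16 @@`) and, after being read back from the temp file, in src/ssh.rs. The value is caller-supplied, so a line break inside it would forge extra log records; formatting with `{:?}` escapes control characters. One line here is enough, for example `logger::logln(&format!("auth attempt user={:?} key={:?}", ssh_host_username, ssh_key));`, with the duplicate in main.rs dropped. Every attempt, validated or not, now appends to `watchdog.logs`, and no rotation or size limit is visible in this diff.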
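Review bot: In the `Ok(true)` arm the new `get_name(&config, ssh_key)?` and `println!("Failed to log: {}", e)` run after `println!("{}", ssh_key)`, so a failed name lookup turns an already validated key into an error return, and the diagnostic shares the stdout stream that carries the key. If stdout is what sshd reads from this command (the `auth_keys_cmd` message suggests so), send the diagnostic to stderr with `eprintln!("Failed to log: {}", e);` and decide whether an audit lookup failure should deny the login; if it should, call `get_name` before the key is printed and before `ssh_env` is written. `logger::logln("Logging successful")` is also reached when `logger::log` returned `Err`, here and in src/ssh.rs and src/sudo.rs, so it belongs in an `else` branch. The status strings are now `"SUCCESS"` and `"Failed"`; `"FAILED"` would keep the field uniform for anything that filters on it. The `Ok(false)` arm continues outside the hunk.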
@@ -48,7 +56,9 @@ pub fn handle_auth(ssh_host_username: &str, ssh_key: &str) -> Result<()> { } Ok(()) } - - Err(e) => Err(e).chain_err(|| "Error while validating user from keyhouse"), + Err(e) => { + logger::logln("Error while validating user from keyhouse"); + Err(e).chain_err(|| "Error while validating user from keyhouse") + } } } diff --git a/src/lib/logger.rs b/src/lib/logger.rs index 59455b8..3bb3ac8 100644 --- a/src/lib/logger.rs +++ b/src/lib/logger.rs @@ -2,13 +2,15 @@ use std::fs::OpenOptions; use std::io::Write; use std::time::{SystemTime, UNIX_EPOCH}; use std::io::Result; +use chrono::{DateTime, Utc}; pub fn log(filepath: &str, status: &str, message: &str) -> Result<()> { let start = SystemTime::now(); let since_the_epoch = start.duration_since(UNIX_EPOCH).expect("Time went backwards"); let timestamp = since_the_epoch.as_secs(); - - let log_message = format!("{} - {} - {}\n", timestamp, status, message); + let datetime = DateTime::::from(SystemTime::UNIX_EPOCH + std::time::Duration::from_secs(timestamp)); + let readable_time = datetime.format("%Y-%m-%d %H:%M:%S").to_string(); + let log_message = format!("{} - {} - {}\n", readable_time, status, message); let mut file = OpenOptions::new() .append(true) 
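Review bot: The new `readable_time` in `log` (src/lib/logger.rs) is UTC but is written as `%Y-%m-%d %H:%M:%S` with no zone marker, so a reader of the auth, ssh and sudo logs cannot tell it from local time when correlating with sshd or PAM records. Changing the format string is enough: `let readable_time = datetime.format("%Y-%m-%dT%H:%M:%SZ").to_string();`. Existing lines in those files carry epoch seconds, so after this change each file holds two timestamp formats and anything that parses them has to accept both. The body of `log` continues outside the hunk.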
@@ -17,4 +19,22 @@ pub fn log(filepath: &str, status: &str, message: &str) -> Result<()> { file.write_all(log_message.as_bytes())?; Ok(()) -} \ No newline at end of file +} + +pub fn logln(message: &str) { + let start = SystemTime::now(); + let since_the_epoch = start.duration_since(UNIX_EPOCH).expect("Time went backwards"); + let timestamp = since_the_epoch.as_secs(); + let datetime = DateTime::::from(SystemTime::UNIX_EPOCH + std::time::Duration::from_secs(timestamp)); + let readable_time = datetime.format("%Y-%m-%d %H:%M:%S").to_string(); + let log_message = format!("{} - {}\n", readable_time, message); + + let filepath = "/opt/watchdog/custom-logs/watchdog.logs"; + let mut file = OpenOptions::new() + .append(true) + .create(true) + .open(filepath).expect("Failed to open log file"); + + + file.write_all(log_message.as_bytes()).expect("Failed to write to log file"); + } \ No newline at end of file diff --git a/src/main.rs b/src/main.rs index e01bcaa..b5db349 100644 --- a/src/main.rs +++ b/src/main.rs @@ -11,7 +11,7 @@ use clap::{App, AppSettings, Arg, SubCommand}; use lib::config::{get_config_value, set_config_value}; use lib::errors::Error; - +use lib::logger; use auth::handle_auth; use ssh::{handle_ssh, handle_ssh_logs}; use su::{handle_su, handle_su_logs}; @@ -94,6 +94,7 @@ fn main() { std::process::exit(1); } } else if let Some(ref _matches) = matches.subcommand_matches("ssh") { + logger::logln("SSH Command"); if let Err(e) = handle_ssh() { println!("watchdog-ssh error: {}", e); print_traceback(e); 
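Review bot: `logln` panics through `.expect("Failed to open log file")` and `.expect("Failed to write to log file")`, and this commit calls it on the auth, ssh, sudo and logs paths, so a missing `/opt/watchdog/custom-logs/` directory or a caller without write access aborts the command before it does its real work. Debug logging should be best-effort, the way callers of `log` already treat its `Err`. The file is also created with whatever the process umask allows, although it holds usernames and keys, so it should be created owner-only. The version below does both and needs `std::os::unix::fs::OpenOptionsExt` in scope for `.mode`; the repeated timestamp code could move into a helper shared with `log`.

```rust
pub fn logln(message: &str) {
    // … unchanged: timestamp formatting into log_message …
    let filepath = "/opt/watchdog/custom-logs/watchdog.logs";
    // Best-effort: a debug-log failure must not abort an auth or PAM hook.
    let opened = OpenOptions::new()
        .append(true)
        .create(true)
        .mode(0o600) // applied only when the file is created
        .open(filepath);
    match opened {
        Ok(mut file) => {
            if let Err(e) = file.write_all(log_message.as_bytes()) {
                eprintln!("watchdog: cannot write debug log: {}", e);
            }
        }
        Err(e) => eprintln!("watchdog: cannot open debug log: {}", e),
    }
}
```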
@@ -104,13 +105,16 @@ fn main() { let keytype = matches.value_of("keytype").unwrap(); let user = matches.value_of("user").unwrap(); let ssh_key = format!("{} {}", keytype, pubkey); + logger::logln(&format!("ssh_key: {}", ssh_key)); if let Err(e) = handle_auth(&user, &ssh_key) { println!("watchdog-auth error: {}", e); + logger::logln(&format!("watchdog-auth error: {}", e)); print_traceback(e); std::process::exit(1); } } else if let Some(ref matches) = matches.subcommand_matches("logs") { let filter = matches.value_of("filter").unwrap(); + logger::logln(&format!("Filter: {}", filter)); if filter == "all" { handle_all_logs(); } else if filter == "sudo" { diff --git a/src/ssh.rs b/src/ssh.rs index ff92d00..6593295 100644 --- a/src/ssh.rs +++ b/src/ssh.rs @@ -14,18 +14,21 @@ use lib::logger; use lib::utils::SSH_LOG_PATH; pub fn handle_ssh() -> Result<()> { + logger::logln("in handle_ssh SSH Command"); let pam_type = env::var("PAM_TYPE") .chain_err(|| "PAM_TYPE not set. If you are running this by `watchdog ssh`, please don't. It's an internal command, intended to be used by PAM.")?; - + logger::logln(&format!("PAM_TYPE: {}", pam_type)); if pam_type == "open_session" { let config = read_config()?; init(&config)?; let env = read_temp_env("/opt/watchdog/ssh_env")?; + logger::logln(&format!("env: {{ ssh_host_username: {}, ssh_key: {} }}", env.ssh_host_username, env.ssh_key)); let name = get_name(&config, &env.ssh_key)?; if let Err(e) = logger::log(SSH_LOG_PATH, "SUCCESS", &format!("User: {}", name)) { println!("Failed to log: {}", e); } + logger::logln("Logging successful"); match fork() { Ok(ForkResult::Parent { .. }) => {} Ok(ForkResult::Child) => { @@ -38,6 +41,7 @@ pub fn handle_ssh() -> Result<()> { } pub fn handle_ssh_logs() { + logger::logln("in handle_ssh_logs"); Command::new("less") .arg("/opt/watchdog/logs/ssh.logs") .status() diff --git a/src/sudo.rs b/src/sudo.rs index 4a36694..c048ac7 100644 --- a/src/sudo.rs +++ b/src/sudo.rs 
@@ -16,13 +16,15 @@ pub fn handle_sudo() -> Result<()> { let pam_ruser = env::var("PAM_RUSER") .chain_err(|| "PAM_RUSER not set. If you are running this by `watchdog sudo`, please don't. It's an internal command, intended to be used by PAM.")?; - + logger::logln(&format!("PAM_RUSER: {}", pam_ruser)); + logger::logln(&format!("PAM_TYPE: {}", pam_type)); if pam_type == "open_session" { let config = read_config()?; init(&config)?; if let Err(e) = logger::log(SUDO_LOG_PATH, "SUCCESS", &format!("User: {}", pam_ruser)) { println!("Failed to log: {}", e); } + logger::logln("Logging successful"); match fork() { Ok(ForkResult::Parent { .. }) => {} Ok(ForkResult::Child) => {