Skip to content
This repository was archived by the owner on May 10, 2024. It is now read-only.

Introduce audit log #286

Open
Open
@blackandred

Description

@blackandred

For compliance reasons an audit log may be introduced to record all security related failures and backup downloads.

Example events:

  • "backup downloaded from X IP at 01.01.2023 + token shortcut"
  • "failed to upload backup, window does not match, date: 01.01.2023 + IP + token shortcut"
  • "failed to upload backup, no gpg header/footer found + date + IP + token shortcut"
  • "too many backups uploaded in a short time period + date + IP + token shortcut"
  • "warning: backup file is at least 50% lighter than previous backup"
  • "tried to upload files simultaneously + date + IP + token shortcut"

There should be an endpoint to browse the audit log, with a pagination.
Every entry in the audit log should have a severity one of: low, medium, high
The audit log should require a permission from the user to view.

Additionally the collection health endpoint could show an extra entry that counts if there is any entry with high severity with a possibiity to pass the "since" date as a query string parameter, with defaults to 1 day.

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions