User accessible login reports

Project ID: 254
Current stage: 
Manager: 
Unit: 
What: 

Description:

The recent development of a database to store interesting events that have been filtered out from the centrally-stored syslog files means that it is now relatively straightforward to generate reports of logins for our users.

The aim of this project is to produce a mechanism (e.g. individual email reports, a cosign-protected web page) for users to see from which remote machines their account has been accessed, including ssh and weblogin logins.

Deliverables: A working mechanism.

Why: 

Customer: All users

Case statement: Recent evidence shows us that compromised accounts are a serious, and not infrequent, threat to the integrity of our computing systems.

When an account has been compromised, an attacker will often log on to systems accessible by that account to check for any local root exploits. If there are no current root exploits on those systems, the attacker will quietly log off and keep the account details for a future attempt.

Providing a mechanism by which users could see from which external machine their account was accessed would allow users to spot suspicious activity on their account, hopefully before any malicious damage is done.

When: 

Status:

Timescales:

Priority:

Time:

How: 

Proposal:

Resources: Two weeks

Plan:

The simplest approach to providing access to this information for our users is to create a cosign-protected CGI script. This would use SQL to securely query the data held in the buzzsaw database on the central log server.

The intention is to write this script using the Python programming language. This provides the opportunity to gain valuable experience with an alternative programming language. This clearly means that the project will take longer, but that has been factored into the effort allocation.

The web interface does not need to be complicated but will ideally have facilities to allow basic paging (e.g. month by month) and sorting of the data (e.g. by date, source host, target host).

Separation of the query code from the presentation by using a templating system is preferable to make it easier to modify the interface in the future.
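A sketch of the query layer described above, as an added example that is not the project's own code. The `logins` table and its columns are hypothetical (the page does not describe the buzzsaw schema), sqlite3 stands in for the central database, the sample rows are constructed, and the CGI is assumed to pass in the cosign-authenticated name (for example from `REMOTE_USER`) rather than anything taken from the request.

```python
import sqlite3

# Hypothetical schema: the page does not describe the buzzsaw tables.
SCHEMA = """CREATE TABLE logins (
    username TEXT, login_time TEXT, source_host TEXT,
    target_host TEXT, service TEXT)"""

# Sort keys the interface accepts, mapped to fixed column names. Column names
# cannot be bound as parameters, so user input only ever selects from this map.
SORT_COLUMNS = {"date": "login_time", "source": "source_host", "target": "target_host"}


def month_bounds(year, month):
    """Return [start, end) ISO dates for one calendar month (the paging unit)."""
    if not 1 <= month <= 12:
        raise ValueError("month out of range")
    nxt = (year + 1, 1) if month == 12 else (year, month + 1)
    return "%04d-%02d-01" % (year, month), "%04d-%02d-01" % nxt


def logins_for(conn, remote_user, year, month, sort="date"):
    """List one month of logins for the authenticated user only."""
    if not remote_user:
        raise PermissionError("no authenticated user")
    column = SORT_COLUMNS.get(sort, "login_time")  # unknown keys fall back
    start, end = month_bounds(int(year), int(month))
    sql = ("SELECT login_time, source_host, target_host, service FROM logins "
           "WHERE username = ? AND login_time >= ? AND login_time < ? "
           "ORDER BY " + column + ", login_time")
    return conn.execute(sql, (remote_user, start, end)).fetchall()


def demo_db():
    """Constructed sample data standing in for the central log database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO logins VALUES (?,?,?,?,?)", [
        ("alice", "2012-11-03 09:12:00", "home.example.org", "ssh1.example.ac.uk", "ssh"),
        ("alice", "2012-11-20 23:47:00", "203.0.113.9", "ssh1.example.ac.uk", "ssh"),
        ("alice", "2012-12-01 08:00:00", "home.example.org", "weblogin.example.ac.uk", "weblogin"),
        ("bob", "2012-11-05 10:00:00", "198.51.100.4", "ssh2.example.ac.uk", "ssh"),
    ])
    return conn


if __name__ == "__main__":
    for row in logins_for(demo_db(), "alice", 2012, 11, sort="source"):
        print(row)
```

The function returns plain rows, so a template can render them without touching the SQL.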

Along with the web interface we will send an email to each user every month summarising all the logins from the previous month. This means that all users will be encouraged to check their login history regularly.

Effort taken (days): 15
Other: 

Dependencies:

Risks:

Milestones

Proposed date Achieved date Name Description
2012-11-23 sql Develop the python code to do the necessary SQL queries against the buzzsaw database.
2012-11-30 cgi Develop a cosign-protected cgi script which will use the sql query functions to find a list of logins for the user.
2012-12-14 presentation Develop a web interface using a templating system to present the data to the user in a reasonable format with basic paging and sorting functionality.
2012-12-21 email Develop a system to send an email to each user every month which summarises their login activity.