User accessible login reports
Description:
The recent development of a database to store interesting events that have been filtered out from the centrally-stored syslog files means that it is now relatively straightforward to generate reports of logins for our users.
The aim of this project is to produce a mechanism (e.g. individual email reports, cosign-protected web page) for users to see from which remote machines their account has been accessed, including ssh and weblogin logins.
Deliverables: A working mechanism.
Customer: All users
Case statement: Recent evidence shows us that compromised accounts are a serious, and not infrequent, threat to the integrity of our computing systems.
When an account has been compromised, an attacker will often log on to systems accessible by that account to check for any local root exploits. If there are no current root exploits on those systems, the attacker will quietly log off and keep the account details for a future attempt.
Providing a mechanism by which users could see from which external machine their account was accessed would allow users to spot suspicious activity on their account, hopefully before any malicious damage is done.
Status:
Timescales:
Priority:
Time:
Proposal:
Resources: Two weeks
Plan:
The simplest approach to providing access to this information for our users is to create a cosign-protected CGI script. This would use SQL to securely query the data held in the buzzsaw database on the central log server.
The intention is to write this script in the Python programming language. This provides the opportunity to gain valuable experience with an alternative programming language. It clearly means that the project will take longer, but that has been factored into the effort allocation.
The web interface does not need to be complicated but will ideally have facilities to allow basic paging (e.g. month by month) and sorting of the data (e.g. by date, source host, target host).
Separation of the query code from the presentation by using a templating system is preferable to make it easier to modify the interface in the future.
Along with the web interface we will send an email to each user every month summarising all the logins from the previous month. This means that all users will be encouraged to check their login history regularly.
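A sketch of the query layer this plan describes, added here as an example and not the project's own code. The `logins` table, its column names, and the in-memory SQLite database standing in for the buzzsaw database are all assumptions, since the page does not give the real schema.

```python
import sqlite3
from datetime import date

# Hypothetical schema: the real buzzsaw table and column names are not given on this page.
SORT_COLUMNS = {"date": "logged_at", "source": "source_host", "target": "target_host"}

def month_bounds(year, month):
    """Return [start, end) ISO dates covering one calendar month."""
    start = date(year, month, 1)
    end = date(year + 1, 1, 1) if month == 12 else date(year, month + 1, 1)
    return start.isoformat(), end.isoformat()

def logins_for(conn, remote_user, year, month, sort="date", descending=False):
    """List one user's logins for one month.

    remote_user must come from the web server's authentication (for a CGI
    script, the REMOTE_USER variable), never from a request parameter, so a
    user can only ever see their own history.
    """
    # ORDER BY cannot take a bound parameter, so map the requested key
    # through an allow-list instead of interpolating user input.
    if sort not in SORT_COLUMNS:
        raise ValueError("unsupported sort key: %r" % (sort,))
    order = SORT_COLUMNS[sort] + (" DESC" if descending else " ASC")
    start, end = month_bounds(year, month)
    sql = ("SELECT logged_at, service, source_host, target_host FROM logins "
           "WHERE username = ? AND logged_at >= ? AND logged_at < ? "
           "ORDER BY " + order + ", logged_at ASC")
    return conn.execute(sql, (remote_user, start, end)).fetchall()

def demo_db():
    """In-memory stand-in for the log database, with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE logins (username TEXT, logged_at TEXT, "
                 "service TEXT, source_host TEXT, target_host TEXT)")
    conn.executemany("INSERT INTO logins VALUES (?, ?, ?, ?, ?)", [
        ("alice", "2012-11-03T09:15:00", "ssh", "home.example.net", "ssh1.example.org"),
        ("alice", "2012-11-20T02:41:00", "ssh", "203.0.113.7", "ssh2.example.org"),
        ("alice", "2012-12-01T10:00:00", "weblogin", "home.example.net", "web.example.org"),
        ("bob", "2012-11-05T14:30:00", "ssh", "198.51.100.9", "ssh1.example.org"),
    ])
    return conn

if __name__ == "__main__":
    for row in logins_for(demo_db(), "alice", 2012, 11, sort="source"):
        print(row)
```

The same function can supply both a month-by-month page in the web interface and the rows for the monthly summary email.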
Dependencies:
Risks:
Milestones
Proposed date | Achieved date | Name | Description |
---|---|---|---|
2012-11-23 | | sql | Develop the Python code to do the necessary SQL queries against the buzzsaw database. |
2012-11-30 | | cgi | Develop a cosign-protected CGI script which will use the SQL query functions to find a list of logins for the user. |
2012-12-14 | | presentation | Develop a web interface using a templating system to present the data to the user in a reasonable format with basic paging and sorting functionality. |
2012-12-21 | | | Develop a system to send an email to each user every month which summarises their login activity. |