From 488ab9046fe7961809c6e510bf5f16c6e9b2bf3b Mon Sep 17 00:00:00 2001 From: Johnny Date: Tue, 25 Sep 2018 21:24:54 +0000 Subject: [PATCH] Moves installation/config instructions to README. --- evennia/contrib/auditing/README.md | 67 ++++++++++++++++++++++++++++++ evennia/contrib/auditing/server.py | 44 +------------------- 2 files changed, 68 insertions(+), 43 deletions(-) create mode 100644 evennia/contrib/auditing/README.md diff --git a/evennia/contrib/auditing/README.md b/evennia/contrib/auditing/README.md new file mode 100644 index 0000000000..ce1eff800b --- /dev/null +++ b/evennia/contrib/auditing/README.md @@ -0,0 +1,67 @@ +# Input/Output Auditing + +Contrib - Johnny 2017 + +This is a tap that optionally intercepts all data sent to/from clients and the +server and passes it to a callback of your choosing. + +It is intended for quality assurance, post-incident investigations and debugging +but obviously can be abused. All data is recorded in cleartext. Please +be ethical, and if you are unwilling to properly deal with the implications of +recording user passwords or private communications, please do not enable +this module. + +Some checks have been implemented to protect the privacy of users. + + +Files included in this module: + + outputs.py - Example callback methods. This module ships with examples of + callbacks that send data as JSON to a file in your game/server/logs + dir or to your native Linux syslog daemon. You can of course write + your own to do other things like post them to Kafka topics. + + server.py - Extends the Evennia ServerSession object to pipe data to the + callback upon receipt. + + tests.py - Unit tests that check to make sure commands with sensitive + arguments are having their PII scrubbed. + + +Installation/Configuration: + +Deployment is completed by configuring a few settings in server.conf. In short, +you must tell Evennia to use this ServerSession instead of its own, specify +which direction(s) you wish to record and where you want the data sent. + + SERVER_SESSION_CLASS = 'evennia.contrib.auditing.server.AuditedServerSession' + + # Where to send logs? Define the path to a module containing your callback + # function. It should take a single dict argument as input. + AUDIT_CALLBACK = 'evennia.contrib.auditing.outputs.to_file' + + # Log user input? Be ethical about this; it will log all private and + # public communications between players and/or admins. + AUDIT_IN = True/False + + # Log server output? This will result in logging of ALL system + # messages and ALL broadcasts to connected players, so on a busy game any + # broadcast to all users will yield a single event for every connected user! + AUDIT_OUT = True/False + + # The default output is a dict. Do you want to allow key:value pairs with + # null/blank values? If you're just writing to disk, disabling this saves + # some disk space, but whether you *want* sparse values or not is more of a + # consideration if you're shipping logs to a NoSQL/schemaless database. + AUDIT_ALLOW_SPARSE = True/False + + # If you write custom commands that handle sensitive data like passwords, + # you must write a regular expression to remove that before writing to log. + # AUDIT_MASKS is a list of dictionaries that define the names of commands + # and the regexes needed to scrub them. + # + # The sensitive data itself must be captured in a named group with a + # label of 'secret'. + AUDIT_MASKS = [ + {'authentication': r"^@auth\s+(?P[\w]+)"}, + ] \ No newline at end of file diff --git a/evennia/contrib/auditing/server.py b/evennia/contrib/auditing/server.py index e5a9d67a67..923d873f0c 100644 --- a/evennia/contrib/auditing/server.py +++ b/evennia/contrib/auditing/server.py @@ -52,49 +52,7 @@ class AuditedServerSession(ServerSession): have their arguments masked by default, but you must mask or mask any custom commands of your own that handle sensitive information. - Installation: - - Designate this class as the SERVER_SESSION_CLASS in `settings.py`, then set - some additional options concerning what to log and where to send it. - - settings.py: - SERVER_SESSION_CLASS = 'evennia.contrib.auditing.server.AuditedServerSession' - - # Where to send logs? Define the path to a module containing a function - # called 'output()' you've written that accepts a dict object as its sole - # argument. From that function you can store/forward the message received - # as you please. An example file-logger is below: - AUDIT_CALLBACK = 'evennia.contrib.auditing.outputs.to_file' - - # Log all user input? Be ethical about this; it will log all private and - # public communications between players and/or admins. - AUDIT_IN = True/False - - # Log server output? This will result in logging of ALL system - # messages and ALL broadcasts to connected players, so on a busy MUD this - # will be very voluminous! - AUDIT_OUT = True/False - - # The default output is a dict. Do you want to allow key:value pairs with - # null/blank values? If you're just writing to disk, disabling this saves - # some disk space, but whether you *want* sparse values or not is more of a - # consideration if you're shipping logs to a NoSQL/schemaless database. - AUDIT_ALLOW_SPARSE = True/False - - # Any custom regexes to detect and mask sensitive information, to be used - # to detect and mask any custom commands you may develop. - # Takes the form of a list of dictionaries, one k:v pair per dictionary - # where the key name is the canonical name of a command which gets displayed - # at the tail end of the message so you can tell which regex masked it-- - # i.e. for a log entry with a typoed `connect` command: - # `conncect johnny *********** ` - # - # The sensitive data itself must be captured in a named group with a - # label of 'secret'. - AUDIT_MASKS = [ - {'authentication': r"^@auth\s+(?P[\w]+)"}, - ] - + See README.md for installation/configuration instructions. """ def audit(self, **kwargs): """