diff --git a/INSTALL.md b/INSTALL.md index b039aed..43dcbd5 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -9,7 +9,7 @@ curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' -o caddy-stabl gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg caddy-stable.gpg.key curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list apt update && apt upgrade -apt install -y bzip2 caddy composer curl gettext git gnupg2 net-tools php8.2 php8.2-bcmath php8.2-cli php8.2-common php8.2-curl php8.2-fpm php8.2-gd php8.2-gmp php8.2-gnupg php8.2-intl php8.2-mbstring php8.2-opcache php8.2-readline php8.2-swoole php8.2-xml unzip wget whois +apt install -y bzip2 caddy composer curl gettext git gnupg2 net-tools php8.2 php8.2-bcmath php8.2-cli php8.2-common php8.2-curl php8.2-fpm php8.2-gd php8.2-gmp php8.2-gnupg php8.2-intl php8.2-mbstring php8.2-opcache php8.2-readline php8.2-swoole php8.2-xml pv unzip wget whois ``` ### Configure OPcache @@ -211,10 +211,10 @@ Navigate to the automation directory in your command line interface. Execute the following command to install the necessary dependencies: ```bash -composer require badcow/dns phpseclib/phpseclib phpbu/phpbu +composer require badcow/dns phpseclib/phpseclib phpbu/phpbu setbased/php-audit ``` -This command will install the ```badcow/dns``` and ```phpseclib/phpseclib``` packages which are essential for the automation script to function correctly. +This command will install the essential packages for the automation scripts to function correctly. ### Install Optional Dependencies: 
@@ -240,6 +240,18 @@ To set up automated tasks for Namingo, open the example crontab file located at To run the notifications.php script as a background process, execute the following command: ```/usr/bin/php /opt/registry/automation/notifications.php &```. This will start the script and place it in the background, allowing it to run independently of your current terminal session. +### Setting Up an Audit Trail Database for Namingo + +To create an audit trail database for Namingo, start by editing the configuration file located at `/opt/registry/automation/audit.json` with the correct database details. This includes specifying the database connection parameters such as host, username, and password. Once your configuration is set up, create a new database named `registryAudit`. After the database is created, run the command: + +```bash +/opt/registry/automation/vendor/bin/audit -v audit /opt/registry/automation/audit.json +``` + +This will initialize and configure the audit trail functionality. This process ensures that all necessary tables and structures are set up in the registryAudit database, enabling comprehensive auditing of Namingo's operations. + +**Currently, the audit trail setup for Namingo is supported only with MySQL or MariaDB databases. If you're using PostgreSQL, you'll need to utilize an external tool for audit logging, such as [pgAudit](https://minervadb.com/index.php/pgaudit-open-source-postgresql-audit-logging/), which provides detailed audit logging capabilities tailored for PostgreSQL environments.** + ## 11. RDE (Registry data escrow) configuration: ### Generate the Key Pair: diff --git a/automation/audit.json b/automation/audit.json new file mode 100644 index 0000000..ff65582 --- /dev/null +++ b/automation/audit.json 
@@ -0,0 +1,244 @@
+{
+ "database": {
+ "host": "localhost",
+ "port": 3306,
+ "user": "your_username",
+ "password": "your_password",
+ "data_schema": "registry",
+ "audit_schema": "registryAudit"
+ },
+ "audit_columns": [
+ {
+ "column_name": "audit_timestamp",
+ "column_type": "timestamp not null default now()",
+ "expression": "now()"
+ },
+ {
+ "column_name": "audit_statement",
+ "column_type": "enum('INSERT','DELETE','UPDATE') character set ascii collate ascii_general_ci not null",
+ "value_type": "ACTION"
+ },
+ {
+ "column_name": "audit_type",
+ "column_type": "enum('OLD','NEW') character set ascii collate ascii_general_ci not null",
+ "value_type": "STATE"
+ },
+ {
+ "column_name": "audit_uuid",
+ "column_type": "bigint(20) unsigned not null",
+ "expression": "@audit_uuid"
+ },
+ {
+ "column_name": "audit_rownum",
+ "column_type": "int(10) unsigned not null",
+ "expression": "@audit_rownum"
+ },
+ {
+ "column_name": "audit_user",
+ "column_type": "varchar(80) character set utf8 collate utf8_bin not null",
+ "expression": "user()"
+ },
+ {
+ "column_name": "audit_ses_id",
+ "column_type": "int(10) unsigned",
+ "expression": "@audit_ses_id"
+ },
+ {
+ "column_name": "audit_usr_id",
+ "column_type": "int(10) unsigned",
+ "expression": "@audit_usr_id"
+ }
+ ],
+ "additional_sql": [
+ "if (@audit_uuid is null) then",
+ " set @audit_uuid = uuid_short();",
+ "end if;",
+ "set @audit_rownum = ifnull(@audit_rownum, 0) + 1;"
+ ],
+ "tables": {
+ "domain_tld": {
+ "audit": true,
+ "skip": null
+ },
+ "settings": {
+ "audit": true,
+ "skip": null
+ },
+ "domain_price": {
+ "audit": true,
+ "skip": null
+ },
+ "domain_restore_price": {
+ "audit": true,
+ "skip": null
+ },
+ "error_log": {
+ "audit": null,
+ "skip": null
+ },
+ "domain_price": {
+ "audit": true,
+ "skip": null
+ },
+ "reserved_domain_names": {
+ "audit": true,
+ "skip": null
+ },
+ "registrar": {
+ "audit": true,
+ "skip": null
+ },
+ "registrar_whitelist": {
+ "audit": true,
+ "skip": null
+ },
+ 
"registrar_contact": {
+ "audit": true,
+ "skip": null
+ },
+ "registrar_ote": {
+ "audit": true,
+ "skip": null
+ },
+ "poll": {
+ "audit": true,
+ "skip": null
+ },
+ "payment_history": {
+ "audit": null,
+ "skip": null
+ },
+ "statement": {
+ "audit": null,
+ "skip": null
+ },
+ "invoices": {
+ "audit": null,
+ "skip": null
+ },
+ "contact": {
+ "audit": true,
+ "skip": null
+ },
+ "contact_postalInfo": {
+ "audit": true,
+ "skip": null
+ },
+ "contact_authInfo": {
+ "audit": true,
+ "skip": null
+ },
+ "contact_status": {
+ "audit": true,
+ "skip": null
+ },
+ "domain": {
+ "audit": true,
+ "skip": null
+ },
+ "domain_contact_map": {
+ "audit": true,
+ "skip": null
+ },
+ "domain_authInfo": {
+ "audit": true,
+ "skip": null
+ },
+ "domain_status": {
+ "audit": true,
+ "skip": null
+ },
+ "secdns": {
+ "audit": true,
+ "skip": null
+ },
+ "host": {
+ "audit": true,
+ "skip": null
+ },
+ "domain_host_map": {
+ "audit": true,
+ "skip": null
+ },
+ "host_addr": {
+ "audit": true,
+ "skip": null
+ },
+ "host_status": {
+ "audit": true,
+ "skip": null
+ },
+ "domain_auto_approve_transfer": {
+ "audit": true,
+ "skip": null
+ },
+ "contact_auto_approve_transfer": {
+ "audit": true,
+ "skip": null
+ },
+ "statistics": {
+ "audit": null,
+ "skip": null
+ },
+ "users": {
+ "audit": true,
+ "skip": null
+ },
+ "users_confirmations": {
+ "audit": null,
+ "skip": null
+ },
+ "users_remembered": {
+ "audit": null,
+ "skip": null
+ },
+ "users_resets": {
+ "audit": null,
+ "skip": null
+ },
+ "users_throttling": {
+ "audit": null,
+ "skip": null
+ },
+ "users_webauthn": {
+ "audit": true,
+ "skip": null
+ },
+ "registrar_users": {
+ "audit": true,
+ "skip": null
+ },
+ "urs_actions": {
+ "audit": null,
+ "skip": null
+ },
+ "rde_escrow_deposits": {
+ "audit": null,
+ "skip": null
+ },
+ "icann_reports": {
+ "audit": true,
+ "skip": null
+ },
+ "promotion_pricing": {
+ "audit": true,
+ "skip": null
+ },
+ "premium_domain_pricing": {
+ "audit": true,
+ "skip": null
+ },
+ 
"ticket_categories": {
+ "audit": null,
+ "skip": null
+ },
+ "support_tickets": {
+ "audit": null,
+ "skip": null
+ },
+ "ticket_responses": {
+ "audit": null,
+ "skip": null
+ }
+ }
+}
\ No newline at end of file
diff --git a/automation/backup.json b/automation/backup.json
new file mode 100644
index 0000000..dde89ee
--- /dev/null
+++ b/automation/backup.json
@@ -0,0 +1,88 @@
+{
+ "verbose": true,
+ "logging": [
+ {
+ "type": "json",
+ "target": "/var/log/namingo/backup.log"
+ }
+ ],
+ "backups": [
+ {
+ "name": "Database",
+ "source": {
+ "type": "mysqldump",
+ "options": {
+ "databases": "your_database_name",
+ "user": "your_username",
+ "password": "your_password"
+ }
+ },
+ "target": {
+ "dirname": "/opt/namingobackup",
+ "filename": "database-%Y%m%d-%H%i.sql",
+ "compress": "bzip2"
+ },
+ "checks": [
+ {
+ "type": "sizemin",
+ "value": "10M"
+ }
+ ],
+ "syncs": [
+ {
+ "type": "sftp",
+ "options": {
+ "host": "backup.example.com",
+ "user": "user.name",
+ "password": "topsecret",
+ "path": "backup/someName"
+ }
+ }
+ ],
+ "cleanup": {
+ "type": "Capacity",
+ "options": {
+ "size": "750M"
+ }
+ }
+ },
+ {
+ "name": "Files",
+ "source": {
+ "type": "tar",
+ "options": {
+ "path": "/opt/registry",
+ "throttle": "5m"
+ }
+ },
+ "target": {
+ "dirname": "/opt/namingobackup",
+ "filename": "files-%Y%m%d-%H%i.sql",
+ "compress": "bzip2"
+ },
+ "checks": [
+ {
+ "type": "sizemin",
+ "value": "10M"
+ }
+ ],
+ "syncs": [
+ {
+ "type": "sftp",
+ "options": {
+ "host": "backup.example.com",
+ "user": "user.name",
+ "password": "topsecret",
+ "path": "backup/someName"
+ }
+ }
+ ],
+ "cleanup": {
+ "type": "Capacity",
+ "options": {
+ "size": "750M"
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/automation/crontab.example b/automation/crontab.example
index 7f4a54b..dd19129 100644
--- a/automation/crontab.example
+++ b/automation/crontab.example
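Review bot: `"domain_price"` appears twice under `tables` in audit.json (once after `settings`, again after `error_log`); duplicate names are unspecified in RFC 8259 and forbidden by I-JSON, so the second entry should be dropped — the two are identical today, but a later edit to one of them would be silently ignored by a last-wins parser. The `audit_usr_id` and `audit_ses_id` columns are populated from the session variables `@audit_usr_id` and `@audit_ses_id`, and nothing in this commit sets them, so unless the application already does so on every connection those columns will be NULL and `audit_user` (`user()`) will only ever record the shared database account, losing attribution to a person or registrar session; this deserves a sentence in the INSTALL.md section. Auditing `contact_authInfo` and `domain_authInfo` copies full OLD and NEW rows into `registryAudit`, so if those tables hold auth codes in clear the audit schema needs the same access restrictions and retention rules as the data schema — presumably intended, but worth stating. Since operators are told to put a real password into this file, the install notes should also say to keep it mode 0600.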
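Review bot: The `Files` job in backup.json writes a `tar` source to `files-%Y%m%d-%H%i.sql`, so the archive lands as `files-….sql.bz2`; it should be `"filename": "files-%Y%m%d-%H%i.tar"`. That archive of `/opt/registry` will also contain `automation/audit.json` and `automation/backup.json` themselves — i.e. the database and SFTP passwords this commit asks operators to fill in — and it is pushed with password-authenticated `sftp`; prefer key-based authentication and either exclude the config files from the tar or encrypt the archive before sync (phpbu offers a crypt step for this, if the installed version supports it). The `sizemin` `10M` check will fail the database job on a fresh or small registry, which may be intentional but should be mentioned in INSTALL.md.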
@@ -7,7 +7,7 @@
 59 * * * * root /usr/bin/php8.2 /opt/registry/automation/statistics.php >> /var/log/namingo/statistics.log
 # run backup at 59 min, every hour
-59 * * * * /opt/registry/automation/vendor/bin/phpbu --configuration=/opt/registry/automation/backup.xml
+59 * * * * /opt/registry/automation/vendor/bin/phpbu --configuration=/opt/registry/automation/backup.json
 # run change-domain-status.php every hour
 30 * * * * root /usr/bin/php8.2 /opt/registry/automation/change-domain-status.php >> /var/log/namingo/change-domain-status.log
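Review bot: The changed backup entry still lacks the user field that the neighbouring entries carry (`59 * * * * root /usr/bin/php8.2 …`), so in the system-crontab format the rest of this file follows, `/opt/registry/automation/vendor/bin/phpbu` is parsed as the user name and the job never runs; it should read `59 * * * * root /opt/registry/automation/vendor/bin/phpbu --configuration=/opt/registry/automation/backup.json >> /var/log/namingo/phpbu.log 2>&1` (a separate log file, since backup.json already writes JSON to `/var/log/namingo/backup.log`). If the example is instead meant for a per-user `crontab`, the other entries are the wrong ones, so the hunk is inconsistent either way. It also now fires at the same minute as `statistics.php`, which is harmless unless both jobs load the database at once.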