Added audit trail and backup capabilities

This commit is contained in:
Pinga 2023-11-27 16:21:06 +02:00
parent 147ddb4861
commit 3ac69f5d85
4 changed files with 348 additions and 4 deletions


@ -9,7 +9,7 @@ curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' -o caddy-stabl
gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg caddy-stable.gpg.key gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg caddy-stable.gpg.key
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list
apt update && apt upgrade apt update && apt upgrade
apt install -y bzip2 caddy composer curl gettext git gnupg2 net-tools php8.2 php8.2-bcmath php8.2-cli php8.2-common php8.2-curl php8.2-fpm php8.2-gd php8.2-gmp php8.2-gnupg php8.2-intl php8.2-mbstring php8.2-opcache php8.2-readline php8.2-swoole php8.2-xml unzip wget whois apt install -y bzip2 caddy composer curl gettext git gnupg2 net-tools php8.2 php8.2-bcmath php8.2-cli php8.2-common php8.2-curl php8.2-fpm php8.2-gd php8.2-gmp php8.2-gnupg php8.2-intl php8.2-mbstring php8.2-opcache php8.2-readline php8.2-swoole php8.2-xml pv unzip wget whois
``` ```
### Configure OPcache ### Configure OPcache
@ -211,10 +211,10 @@ Navigate to the automation directory in your command line interface.
Execute the following command to install the necessary dependencies: Execute the following command to install the necessary dependencies:
```bash ```bash
composer require badcow/dns phpseclib/phpseclib phpbu/phpbu composer require badcow/dns phpseclib/phpseclib phpbu/phpbu setbased/php-audit
``` ```
This command will install the ```badcow/dns``` and ```phpseclib/phpseclib``` packages which are essential for the automation script to function correctly. This command will install the essential packages for the automation scripts to function correctly.
### Install Optional Dependencies: ### Install Optional Dependencies:
@ -240,6 +240,18 @@ To set up automated tasks for Namingo, open the example crontab file located at
To run the notifications.php script as a background process, execute the following command: ```/usr/bin/php /opt/registry/automation/notifications.php &```. This will start the script and place it in the background, allowing it to run independently of your current terminal session. To run the notifications.php script as a background process, execute the following command: ```/usr/bin/php /opt/registry/automation/notifications.php &```. This will start the script and place it in the background, allowing it to run independently of your current terminal session.
### Setting Up an Audit Trail Database for Namingo
To create an audit trail database for Namingo, start by editing the configuration file located at `/opt/registry/automation/audit.json` with the correct database details. This includes specifying the database connection parameters such as host, username, and password. Once your configuration is set up, create a new database named `registryAudit`. After the database is created, run the command:
```bash
/opt/registry/automation/vendor/bin/audit -v audit /opt/registry/automation/audit.json
```
This will initialize and configure the audit trail functionality. This process ensures that all necessary tables and structures are set up in the registryAudit database, enabling comprehensive auditing of Namingo's operations.
**Currently, the audit trail setup for Namingo is supported only with MySQL or MariaDB databases. If you're using PostgreSQL, you'll need to utilize an external tool for audit logging, such as [pgAudit](https://minervadb.com/index.php/pgaudit-open-source-postgresql-audit-logging/), which provides detailed audit logging capabilities tailored for PostgreSQL environments.**
## 11. RDE (Registry data escrow) configuration: ## 11. RDE (Registry data escrow) configuration:
### Generate the Key Pair: ### Generate the Key Pair:

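--- a/automation/audit.json
+++ b/automation/audit.json
@@ -0,0 +1,244 @@
+{
+"database": {
+"host": "localhost",
+"port": 3306,
+"user": "your_username",
+"password": "your_password",
+"data_schema": "registry",
+"audit_schema": "registryAudit"
+},
+"audit_columns": [
+{
+"column_name": "audit_timestamp",
+"column_type": "timestamp not null default now()",
+"expression": "now()"
+},
+{
+"column_name": "audit_statement",
+"column_type": "enum('INSERT','DELETE','UPDATE') character set ascii collate ascii_general_ci not null",
+"value_type": "ACTION"
+},
+{
+"column_name": "audit_type",
+"column_type": "enum('OLD','NEW') character set ascii collate ascii_general_ci not null",
+"value_type": "STATE"
+},
+{
+"column_name": "audit_uuid",
+"column_type": "bigint(20) unsigned not null",
+"expression": "@audit_uuid"
+},
+{
+"column_name": "audit_rownum",
+"column_type": "int(10) unsigned not null",
+"expression": "@audit_rownum"
+},
+{
+"column_name": "audit_user",
+"column_type": "varchar(80) character set utf8 collate utf8_bin not null",
+"expression": "user()"
+},
+{
+"column_name": "audit_ses_id",
+"column_type": "int(10) unsigned",
+"expression": "@audit_ses_id"
+},
+{
+"column_name": "audit_usr_id",
+"column_type": "int(10) unsigned",
+"expression": "@audit_usr_id"
+}
+],
+"additional_sql": [
+"if (@audit_uuid is null) then",
+" set @audit_uuid = uuid_short();",
+"end if;",
+"set @audit_rownum = ifnull(@audit_rownum, 0) + 1;"
+],
+"tables": {
+"domain_tld": {
+"audit": true,
+"skip": null
+},
+"settings": {
+"audit": true,
+"skip": null
+},
+"domain_price": {
+"audit": true,
+"skip": null
+},
+"domain_restore_price": {
+"audit": true,
+"skip": null
+},
+"error_log": {
+"audit": null,
+"skip": null
+},
+"domain_price": {
+"audit": true,
+"skip": null
+},
+"reserved_domain_names": {
+"audit": true,
+"skip": null
+},
+"registrar": {
+"audit": true,
+"skip": null
+},
+"registrar_whitelist": {
+"audit": true,
+"skip": null
+},
+"registrar_contact": {
+"audit": true,
+"skip": null
+},
+"registrar_ote": {
+"audit": true,
+"skip": null
+},
+"poll": {
+"audit": true,
+"skip": null
+},
+"payment_history": {
+"audit": null,
+"skip": null
+},
+"statement": {
+"audit": null,
+"skip": null
+},
+"invoices": {
+"audit": null,
+"skip": null
+},
+"contact": {
+"audit": true,
+"skip": null
+},
+"contact_postalInfo": {
+"audit": true,
+"skip": null
+},
+"contact_authInfo": {
+"audit": true,
+"skip": null
+},
+"contact_status": {
+"audit": true,
+"skip": null
+},
+"domain": {
+"audit": true,
+"skip": null
+},
+"domain_contact_map": {
+"audit": true,
+"skip": null
+},
+"domain_authInfo": {
+"audit": true,
+"skip": null
+},
+"domain_status": {
+"audit": true,
+"skip": null
+},
+"secdns": {
+"audit": true,
+"skip": null
+},
+"host": {
+"audit": true,
+"skip": null
+},
+"domain_host_map": {
+"audit": true,
+"skip": null
+},
+"host_addr": {
+"audit": true,
+"skip": null
+},
+"host_status": {
+"audit": true,
+"skip": null
+},
+"domain_auto_approve_transfer": {
+"audit": true,
+"skip": null
+},
+"contact_auto_approve_transfer": {
+"audit": true,
+"skip": null
+},
+"statistics": {
+"audit": null,
+"skip": null
+},
+"users": {
+"audit": true,
+"skip": null
+},
+"users_confirmations": {
+"audit": null,
+"skip": null
+},
+"users_remembered": {
+"audit": null,
+"skip": null
+},
+"users_resets": {
+"audit": null,
+"skip": null
+},
+"users_throttling": {
+"audit": null,
+"skip": null
+},
+"users_webauthn": {
+"audit": true,
+"skip": null
+},
+"registrar_users": {
+"audit": true,
+"skip": null
+},
+"urs_actions": {
+"audit": null,
+"skip": null
+},
+"rde_escrow_deposits": {
+"audit": null,
+"skip": null
+},
+"icann_reports": {
+"audit": true,
+"skip": null
+},
+"promotion_pricing": {
+"audit": true,
+"skip": null
+},
+"premium_domain_pricing": {
+"audit": true,
+"skip": null
+},
+"ticket_categories": {
+"audit": null,
+"skip": null
+},
+"support_tickets": {
+"audit": null,
+"skip": null
+},
+"ticket_responses": {
+"audit": null,
+"skip": null
+}
+}
+}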
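Review bot: `domain_price` appears twice as a key under `tables` (once right after `settings`, again right after `error_log`); RFC 8259 parsers handle duplicate names unpredictably, most keeping the last one, so the second entry should be deleted. Several tables holding money- or credential-relevant history are left at `"audit": null` (`payment_history`, `invoices`, `statement`, `urs_actions`, `users_resets`, `users_remembered`); if that exclusion is deliberate, a sentence in the install docs explaining why would help, since an operator would expect financial records and password-reset activity to be in the trail. Conversely `users`, `contact_authInfo` and `domain_authInfo` are audited, so password hashes and authInfo codes will be copied into `registryAudit` on every change, and the MySQL account configured here plus any read access to that schema should be restricted as tightly as the `registry` schema itself. Because the docs have the operator fill real credentials into this file in place, it should be kept out of version control and given `0600` permissions.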

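--- a/automation/backup.json
+++ b/automation/backup.json
@@ -0,0 +1,88 @@
+{
+"verbose": true,
+"logging": [
+{
+"type": "json",
+"target": "/var/log/namingo/backup.log"
+}
+],
+"backups": [
+{
+"name": "Database",
+"source": {
+"type": "mysqldump",
+"options": {
+"databases": "your_database_name",
+"user": "your_username",
+"password": "your_password"
+}
+},
+"target": {
+"dirname": "/opt/namingobackup",
+"filename": "database-%Y%m%d-%H%i.sql",
+"compress": "bzip2"
+},
+"checks": [
+{
+"type": "sizemin",
+"value": "10M"
+}
+],
+"syncs": [
+{
+"type": "sftp",
+"options": {
+"host": "backup.example.com",
+"user": "user.name",
+"password": "topsecret",
+"path": "backup/someName"
+}
+}
+],
+"cleanup": {
+"type": "Capacity",
+"options": {
+"size": "750M"
+}
+}
+},
+{
+"name": "Files",
+"source": {
+"type": "tar",
+"options": {
+"path": "/opt/registry",
+"throttle": "5m"
+}
+},
+"target": {
+"dirname": "/opt/namingobackup",
+"filename": "files-%Y%m%d-%H%i.sql",
+"compress": "bzip2"
+},
+"checks": [
+{
+"type": "sizemin",
+"value": "10M"
+}
+],
+"syncs": [
+{
+"type": "sftp",
+"options": {
+"host": "backup.example.com",
+"user": "user.name",
+"password": "topsecret",
+"path": "backup/someName"
+}
+}
+],
+"cleanup": {
+"type": "Capacity",
+"options": {
+"size": "750M"
+}
+}
+}
+]
+}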
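Review bot: The `Files` backup names its tar archive with a `.sql` suffix at `"filename": "files-%Y%m%d-%H%i.sql"`; it should read `"filename": "files-%Y%m%d-%H%i.tar"` so the bzip2'd tarball is distinguishable from the database dump written to the same `/opt/namingobackup` directory. Both `syncs` entries authenticate to the SFTP host with a static `password`; if the installed phpbu sftp sync supports a private-key option, key-based auth would keep a reusable credential out of this file. The tar of `/opt/registry` will itself contain this file and `audit.json` with their database and SFTP credentials, and the dump carries password hashes and authInfo codes, yet nothing is encrypted before upload — a phpbu `crypt` step (openssl or gpg) between `target` and `syncs` would close that gap, assuming the installed phpbu version provides it. Once real values are filled in, this file should be `0600` and excluded from version control, as it is edited in place like `audit.json`.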


@ -7,7 +7,7 @@
59 * * * * root /usr/bin/php8.2 /opt/registry/automation/statistics.php >> /var/log/namingo/statistics.log 59 * * * * root /usr/bin/php8.2 /opt/registry/automation/statistics.php >> /var/log/namingo/statistics.log
# run backup at 59 min, every hour # run backup at 59 min, every hour
59 * * * * /opt/registry/automation/vendor/bin/phpbu --configuration=/opt/registry/automation/backup.xml 59 * * * * /opt/registry/automation/vendor/bin/phpbu --configuration=/opt/registry/automation/backup.json
# run change-domain-status.php every hour # run change-domain-status.php every hour
30 * * * * root /usr/bin/php8.2 /opt/registry/automation/change-domain-status.php >> /var/log/namingo/change-domain-status.log 30 * * * * root /usr/bin/php8.2 /opt/registry/automation/change-domain-status.php >> /var/log/namingo/change-domain-status.log
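Review bot: The phpbu entry has no user field while the neighbouring lines (`59 * * * * root /usr/bin/php8.2 …`) do; if this file is installed under `/etc/cron.d` as those lines suggest, cron will read `/opt/registry/automation/vendor/bin/phpbu` as the username and the backup will never run. Suggested form: `59 * * * * root /opt/registry/automation/vendor/bin/phpbu --configuration=/opt/registry/automation/backup.json >> /var/log/namingo/backup.log`, which also captures output the way the other jobs do. The missing user field predates this commit, but the switch to `backup.json` makes this the line that will silently fail.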