Re: Logging users vs. ip address

2009.11.03 23:08 Andrew Daviel wrote:
>
> We have been having problems with compromised accounts used for spamming,
> and I needed to track user logins against client ip address.
>
> The remote address turns up in the Message-ID, e.g.
> <port>.<ipv4a.b.c.d>.nnnn.squirrel...
> and in Apache access_log, but those don't give the username.
> imapd syslog gives the username, but lists 127.0.0.1 as the address.
> Correlating timestamps was painful, so I hacked squirrelmail.
>
> I'm sure there's a better, more elegant way, probably already done by
> someone - maybe "Squirrel Logger" plugin which I hadn't found when I
> wrote this. But for what it's worth:
>
> patch against squirrelmail-1.4.8-5.el4 (Latest RedHat Enterprise 4
> package) - generates a simple greppable file of logins and logouts :
>
>
> --- /usr/share/squirrelmail/src/redirect.php.orig       2009-01-20
> 21:21:31.000000000 -0800
> +++ /usr/share/squirrelmail/src/redirect.php    2009-10-23
> 16:56:03.000000000 -0700
> @@ -99,7 +99,11 @@
>       sqsession_register ($username, 'username');
>       sqsetcookie('key', $key, 0, $base_uri);
>       do_hook ('login_verified');
> -
> +    if ($logfile = fopen('/var/log/squirrelmail/session.log','a+') ) {
> +      $logline = date('Y-m-d H:i:s ') . $_SERVER['REMOTE_ADDR'] . ' login
> ' . $username . "\n";
> +      fputs($logfile, $logline, strlen($logline) );
> +      fclose($logfile);
> +    }
>   }
>
>   /* Set the login variables. */
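Review bot: `$username` is concatenated into `$logline` unescaped in the added block after `do_hook ('login_verified')`, and nothing in the hunk restricts its characters, so a name containing a space or newline would break the one-record-per-line format the file is meant to be grepped by; strip whitespace and control characters (or encode the value) before writing. The `date('Y-m-d H:i:s ')` timestamp carries no zone offset, so `gmdate()` or `date('c')` would make entries unambiguous, and when `fopen` fails the event is dropped silently, which `syslog()` or `error_log()` would avoid without needing an Apache-writable directory.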
> --- /usr/share/squirrelmail/src/signout.php.orig        2006-07-30
> 12:37:38.000000000 -0700
> +++ /usr/share/squirrelmail/src/signout.php     2009-10-23
> 18:10:51.000000000 -0700
> @@ -43,6 +43,11 @@
>   }
>
>   do_hook('logout');
> +if ($logfile = fopen('/var/log/squirrelmail/session.log','a+') ) {
> +  $logline = date('Y-m-d H:i:s ') . $_SERVER['REMOTE_ADDR'] . ' logout '
> . $username . "\n";
> +  fputs($logfile, $logline, strlen($logline) );
> +  fclose($logfile);
> +}
>
>   sqsession_destroy();
>
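Review bot: no assignment of `$username` is visible before the added block after `do_hook('logout')` in signout.php, so confirm it is loaded from the session at this point; otherwise the logout line ends with an empty user field. The block duplicates the one added to redirect.php, so move it into one shared function (or a plugin on the `logout` hook) to keep the two formats from drifting. Only explicit sign-outs reach this code, so a `login` entry without a matching `logout` should be expected for sessions that simply expire.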
> ---------------------
> /var/log/squirrelmail needs to exist, writable by apache
> (PHP is not my choice of scripting language, so this is way crude ...)

See PHP error_log() and syslog() documentation. There is no need to do
fopen stuff.

date() is sensitive to timezone. Not good for logs.

You should also log login failures.

Both of your changes are added right after hook calls. There is no need to
modify SquirrelMail code. A plugin can be attached to those hooks.


-- 
Tomas
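
An added example, not part of either message or of SquirrelMail: a Python sketch that reads lines in the `session.log` format the quoted patch writes (`YYYY-MM-DD HH:MM:SS <ip> login|logout <username>`) and flags accounts whose logins come from many distinct addresses in a short period, which is the correlation the original post was after. The function names, the threshold, the window and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One record in the patch's format; other lines are reported as malformed.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+) (login|logout) (\S+)$")

def parse_log(lines):
    """Return (events, malformed); events are (time, ip, action, user)."""
    events, malformed = [], []
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        try:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        except (AttributeError, ValueError):  # no match, or impossible date
            malformed.append(line)
            continue
        events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events, malformed

def suspicious_users(events, max_ips=2, window=timedelta(hours=1)):
    """Map user -> sorted IPs for users whose logins come from more than
    max_ips distinct addresses inside any sliding window (assumed limits)."""
    logins = defaultdict(list)
    for ts, ip, action, user in sorted(events):
        if action == "login":
            logins[user].append((ts, ip))
    flagged = defaultdict(set)
    for user, seq in logins.items():
        start = 0
        for end in range(len(seq)):
            while seq[end][0] - seq[start][0] > window:
                start += 1
            ips = {ip for _, ip in seq[start:end + 1]}
            if len(ips) > max_ips:
                flagged[user] |= ips
    return {user: sorted(ips) for user, ips in flagged.items()}

SAMPLE = [  # constructed lines; addresses are documentation ranges
    "2009-10-23 16:56:03 192.0.2.10 login alice\n",
    "2009-10-23 17:01:44 192.0.2.10 logout alice\n",
    "2009-10-23 17:05:00 198.51.100.7 login bob\n",
    "2009-10-23 17:12:09 203.0.113.5 login bob\n",
    "2009-10-23 17:30:31 192.0.2.99 login bob\n",
    "2009-10-23 17:31:00 192.0.2.10 login eve extra\n",
]

if __name__ == "__main__":
    print(suspicious_users(parse_log(SAMPLE)[0]))
```

Timestamps are compared as naive values, exactly as the patch writes them, so a log that spans a daylight-saving change can misorder events around the switch.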



squirrelmail-users mailing list