Message359311
I have made PR 17824 to add auditing events for the command execution functions mentioned above.
After a review on other related Python modules, I think maybe the following functions can also be audited, but a discussion may be required to determine whether they are necessary (whether these actions are sensitive enough to record, and performance trade off).
- os.getenv/putenv/unsetenv
- os.getcwd/chdir
- os.chown/chmod
- os.stat/access
- os.link/symlink
- os.rename/renames/replace
- os.mkdir/mkdirs
- os.remove/removedirs/rmdir/unlink (`shutil.rmtree` is already audited)
- os.add_dll_directory
- os.fork
- os.kill/killpg
- os.path.exists/isfile/isdir/...
- signal.pthread_kill
- shutil.copy* (`shutil.copytree` is already audited)
- shutil.move
- shutil.chown
- shutil.unpack_archive (`shutil.make_archive` is already audited)
- resource.prlimit
- file operations in `msvcrt`
- functions in `fcntl`, `syslog`
- many high level networking modules such as `http.client/server`, `socketserver`, `xmlrpc` (the low-level `socket` calls are already audited) |
|
Date |
User |
Action |
Args |
2020-01-05 00:11:33 | gousaiyang | set | recipients:
+ gousaiyang, christian.heimes, steve.dower |
2020-01-05 00:11:33 | gousaiyang | set | messageid: <1578183093.79.0.610853888441.issue39184@roundup.psfhosted.org> |
2020-01-05 00:11:33 | gousaiyang | link | issue39184 messages |
2020-01-05 00:11:32 | gousaiyang | create | |
|