faraphel/chrony
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ntp+cmdmon: log allow/deny commands

Browse source 
Log added NTP and command access restrictions, using INFO severity if
from a chronyc command, DEBUG otherwise (i.e. from the config).
This commit is contained in:
Miroslav Lichvar 2022-11-16 15:59:49 +01:00
parent d0fd04c0a2
commit e789b0817f
2 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
cmdmon.c
View file

@ -1799,6 +1799,9 @@ CAM_AddAccessRestriction(IPAddr *ip_addr, int subnet_bits, int allow, int all)
if (status == ADF_BADSUBNET) { if (status == ADF_BADSUBNET) {
return 0; return 0;
} else if (status == ADF_SUCCESS) { } else if (status == ADF_SUCCESS) {
LOG(LOG_GetContextSeverity(LOGC_Command), "%s%s %s access from %s",
allow ? "Allowed" : "Denied", all ? " all" : "", "command",
UTI_IPSubnetToString(ip_addr, subnet_bits));
return 1; return 1;
} else { } else {
return 0; return 0;

4
ntp_core.c
View file

@ -2856,6 +2856,10 @@ NCR_AddAccessRestriction(IPAddr *ip_addr, int subnet_bits, int allow, int all)
if (status != ADF_SUCCESS) if (status != ADF_SUCCESS)
return 0; return 0;
LOG(LOG_GetContextSeverity(LOGC_Command), "%s%s %s access from %s",
allow ? "Allowed" : "Denied", all ? " all" : "", "NTP",
UTI_IPSubnetToString(ip_addr, subnet_bits));
/* Keep server sockets open only when an address allowed */ /* Keep server sockets open only when an address allowed */
if (allow) { if (allow) {
NTP_Remote_Address remote_addr; NTP_Remote_Address remote_addr;