Indicate whether session.network events were allowed or blocked (#800) (

#802) * Indicate whether session.network events were allowed or blocked Fixes TEL-Q421-2 Fixes gravitational/teleport.e#331
gravitational · May 3, 2022 · 02665e8 · 02665e8
1 parent 074588a
commit 02665e8
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 9 deletions.
diff --git a/packages/teleport/src/Audit/__snapshots__/Audit.story.test.tsx.snap b/packages/teleport/src/Audit/__snapshots__/Audit.story.test.tsx.snap
@@ -2422,7 +2422,7 @@ exports[`list of all events 1`] = `
         <td
           style="word-break: break-word;"
         >
-          Program [bash] opened a connection [10.217.136.161 &lt;-&gt; 190.58.129.4:3000] within a session [44c6cea8-362f-11ea-83aa-125400432324]
+          [DENY] Program [bash] was prevented from opening a connection [10.217.136.161 &lt;-&gt; 190.58.129.4:3000] within a session [44c6cea8-362f-11ea-83aa-125400432324]
         </td>
         <td
           style="min-width: 120px;"
@@ -3440,7 +3440,7 @@ exports[`loaded audit log screen 1`] = `
           <td
             style="word-break: break-word;"
           >
-            Program [bash] opened a connection [10.217.136.161 &lt;-&gt; 190.58.129.4:3000] within a session [44c6cea8-362f-11ea-83aa-125400432324]
+            [ALLOW] Program [bash] successfully opened a connection [10.217.136.161 &lt;-&gt; 190.58.129.4:3000] within a session [44c6cea8-362f-11ea-83aa-125400432324]
           </td>
           <td
             style="min-width: 120px;"

diff --git a/packages/teleport/src/Audit/fixtures/index.ts b/packages/teleport/src/Audit/fixtures/index.ts
@@ -51,6 +51,7 @@ export const events = [
     dst_port: '3000',
     version: 4,
     time: '2019-04-22T19:39:26.676Z',
+    action: 1,
   },
   {
     code: 'T4001I',
@@ -832,6 +833,7 @@ export const eventsSample = [
     dst_port: '3000',
     version: 4,
     time: '2019-04-22T19:39:26.676Z',
+    action: 0,
   },
   {
     code: 'T4001I',

diff --git a/packages/teleport/src/services/audit/makeEvent.ts b/packages/teleport/src/services/audit/makeEvent.ts
@@ -56,8 +56,12 @@ export const formatters: Formatters = {
   [eventCodes.SESSION_NETWORK]: {
     type: 'session.network',
     desc: 'Session Network Connection',
-    format: ({ sid, program, src_addr, dst_addr, dst_port }) =>
-      `Program [${program}] opened a connection [${src_addr} <-> ${dst_addr}:${dst_port}] within a session [${sid}]`,
+    format: ({ action, sid, program, src_addr, dst_addr, dst_port }) => {
+      const a = action === 1 ? '[DENY]' : '[ALLOW]';
+      const desc =
+        action === 1 ? 'was prevented from opening' : 'successfully opened';
+      return `${a} Program [${program}] ${desc} a connection [${src_addr} <-> ${dst_addr}:${dst_port}] within a session [${sid}]`;
+    },
   },
   [eventCodes.SESSION_PROCESS_EXIT]: {
     type: 'session.process_exit',

diff --git a/packages/teleport/src/services/audit/types.ts b/packages/teleport/src/services/audit/types.ts
@@ -571,6 +571,7 @@ type RawEventCommand<T extends EventCode> = RawEvent<
 type RawEventNetwork<T extends EventCode> = RawEvent<
   T,
   {
+    action: number;
     login: string;
     namespace: string;
     pid: number;

diff --git a/yarn.lock b/yarn.lock
@@ -2181,11 +2181,6 @@
     "@types/minimatch" "*"
     "@types/node" "*"
 
-"@types/google-protobuf@^3.7.2":
-  version "3.7.4"
-  resolved "https://registry.yarnpkg.com/@types/google-protobuf/-/google-protobuf-3.7.4.tgz#1621c50ceaf5aefa699851da8e0ea606a2943a39"
-  integrity sha512-6PjMFKl13cgB4kRdYtvyjKl8VVa0PXS2IdVxHhQ8GEKbxBkyJtSbaIeK1eZGjDKN7dvUh4vkOvU9FMwYNv4GQQ==
-
 "@types/hast@^2.0.0":
   version "2.3.1"
   resolved "https://registry.yarnpkg.com/@types/hast/-/hast-2.3.1.tgz#b16872f2a6144c7025f296fb9636a667ebb79cd9"