sally-js
v0.3.0sally
Secure audit logging records the user’s actions on content and enables detection of some forms of tampering with the logs. Sally provides strong cryptographic assurances that data stored before a system compromise cannot be modified after the compromise without detection.
Getting started
Install with npm
> npm install sally-js
with express
var express = require('express');
var sally = require('sally-js');
var app = express();
app.use(sally.express({ secret: 'a not secure secret' }));
Produces an audit trail of each request that modifies a resource or returns an error status code (4xx or 5xx).
{ audit:
{ who: 'anonymous',
when: '2015-11-12T05:38:22.159Z',
where:
{ client: '::ffff:127.0.0.1',
host: '127.0.0.1:33578',
server: 'richardschneider-sally-2123745' },
why: 'POST',
what: '/something/2',
status: 201 },
digest: 'DVSJZKM0xASOu76y3X/VNjZ4FuTb/P3OXW9MiS5vV/w=' }
{ audit:
{ who: 'anonymous',
when: '2015-11-07T11:00:06.005Z',
where: { server: 'RoadWarrior' },
why: 'GET',
what: '/something/unknown',
status: 404 },
digest: 'xUTQHAbg8W+mZkRy4zsUs8bVw2NK/e0JZd/vNbkujRg=' }
sally.express()
takes th following options object
property | description |
---|---|
methods | An array of HTTP method that will trigger an audit. Any status above 399 will also trigger an audit. The default is ['POST', 'PUT', 'DELETE', 'PATCH'] . |
user | a function(req) that should return the user name or ID or both. Defaults to req => 'anonymous' . |
hostname | The name of the server. Defaults to os.hostname() . |
prefix | A prefix for each audit log file. Defaults to 'express-' . |
with javascript
var sally = require('sally');
new sally.AuditTrail({ secret: 'a not secure secret' });
sally.log('hello world');
sally.log({ user: 'x', operation: 'login'})
with command line
sally --help
Usage: sally-cli <cmd>
Commands:
verify <file> verify the audit trail file, glob wildcards allowed
list <file> petty print the audit trail file
Secure audit log manager
Options:
-h, --help output usage information
-V, --version output the version number
-s, --secret [text] the secret for the audit trail, defaults to the environment variable "sallySecret"
-v, --verbose verbose
Secret
Sally uses the secret
to generate the HMAC digest which provides the strong cryptographic assurances. It can be set with sally.configure({ secret: ...})
or with sally.express({ ... })
. However, this means that the secret
is in your code and possible also in the repo.
To avoid the above issue, Sally will use the value of the environment variable SallySecret
, if present, as the secret value.