cPanel & WHM Version 92 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!

Users Actions History

iakela shared this idea 4 years ago
Open Discussion

Clients too often asked to provide some proves that they installed/changed/removed something. It would be awesome if cPanel has "Action History" item where a client can see history of all his actions.

Comments (4)

photo
1

Is forensics the primary use of such a feature?

photo
2

I had change management in mind. For example, if we made some changes and wanted to go back and review what was done, that would allow us to do so. If there are multiple people managing a server, this can be helpful rather than relying on people doing a perfect job documenting things 100% of the time.


Secondarily, yeah, I'd say forensics is another goal, though I'd say more from an "accountability" standpoint - i.e. if we let a non-malicious vendor in to do work and we want to be able to see what changes they made. I'm not expecting it to prevent people trying to hide their tracks (like a hacker) from being able to do so.

photo
photo
2

I've always felt that cPanel was lacking logging ability.


You can see where users go but not exactly what happened.

With the addition of subusers it's beginning to be important to see who did what.


I agree with a289, mostly for accountability and maybe partly for forensics.

photo
1

Moreover, with "User Manager" feature, this should be even more necessary than ever.

photo
1

I second this feature. In fact, I was about to propose this feature. Specially when you have customers/staff/colleagues/resellers that misconfigured things but keep in denial of facts.


I hate to hijack threads but I have some ideas and use cases :)


Now that a User Manager is oncoming, forensics will become important, too.


I would consider this case scenario: it would be very helpful to track tasks made during illegal access/penetration, in order to determine what have been compromised, when, from where, and by whom (which user).


If this is the case, I think these kind of logs should be kept in a folder outside of /home, but with the user account permission access, in the same fashion as databases are currently handled: far from home folder but included in backups/transfers.


It's just a log of what settings have been changed via cPanel UI. Much like the history of changes in github repos. It should be an atomic task to record entries to these logs, so no performance struggle should be noticed. (Just appending data to a plain text file make sense for you?) If so, we will need some options in Tweak Settings:


[History of user account changes]

- Rotate changelogs every: (drop down: 50 MB, 300 MB ) of data. Default: 300 MB

- Time to keep changelogs locally: (drop down: 6 months, 1 year, 2 years, 5 years, indefinitely). Default: 6 months

- Keep changelogs after account deletion: yes/no. Default: no


Format of files: /account-changelog/[username]-[yyyy-mm-dd of rotation made].[log|tar.gz] (similar to exim_mainlog behaviour)

This format would make easy to locate, identify, and cat/zcat/grep via command line, and by being a plain txt you will be sure that no executable code could be even inserted on purpose :) (Because exploitation thru log viewers is always fun and feasible!)


Internal format: similar to Apache logs? (I leave it up to you)


Hope this help and this feature may become true some day this year.

Best regards