如何在Gitlab中找出给定推送事件的IP地址 [英] How to find out IP address of a given push event in Gitlab

问题描述

在Gitlab中冒充另一个用户很容易。请参阅此主题以获得更多详细信息。

通过检查存储库的活动日志，可以找出哪个用户执行了推送。但出于审计目的，我还想知道推送完成的IP地址。是否可以在Gitlab CE / EE中使用？

解决方案

p>

您可以检查nginx的访问日志（ nginx / gitlab_access.log ）：

<192.168.21.150 - johndoe [19 / Dec / 2016：08：05：58 +0100]POST /TEST/test.git/git-receive-pack HTTP / 1.1 200 52 - git / 2.9.2.windows.1

通过SSH完成

您可以检查gitlab-shell日志（ gitlab-shell / gitlab-shell.log ）。可以找到推送的时间：

我，[2016-12-19T07：34：08.173561＃3560]信息 - ：gitlab -shell：使用密钥key-417为用户执行git命令。

然后您可以检查标准SSH日志以查找IP地址： /var/log/auth.log 或 / var / log / secure ：

Dec 19 07:34:08 gitlab-hostname s shd [3563]：接受来自192.168.21.151端口40864的git的publickey ssh2：RSA 32：ea：2d：e2：47：ac：fc：50：84：16：e2：16：57：b0：5c：2d

It's quite easy to impersonate another user in Gitlab. See this topic for more details.

It's possible to find out which user performed a push by examining "Activity" log of a repository. But for audit purposes I'd also like to know the IP address from which the push was done. Is it possible in Gitlab CE/EE?

解决方案

Pushes done through HTTP(S)

You can examine access logs of nginx (nginx/gitlab_access.log):

192.168.21.150 - johndoe [19/Dec/2016:08:05:58 +0100] "POST /TEST/test.git/git-receive-pack HTTP/1.1" 200 52 "-" "git/2.9.2.windows.1

Pushes done through SSH

You can examine gitlab-shell logs (gitlab-shell/gitlab-shell.log). That way you can find the time of a push:

I, [2016-12-19T07:34:08.173561 #3560] INFO -- : gitlab-shell: executing git command for user with key key-417.

Then you can examine standard SSH logs to find the IP address: /var/log/auth.log or /var/log/secure:

Dec 19 07:34:08 gitlab-hostname sshd[3563]: Accepted publickey for git from 192.168.21.151 port 40864 ssh2: RSA 32:ea:2d:e2:47:ac:fc:50:84:16:e2:16:57:b0:5c:2d

这篇关于如何在Gitlab中找出给定推送事件的IP地址的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！