如何在Gitlab中找出给定推送事件的IP地址 [英] How to find out IP address of a given push event in Gitlab
问题描述
在Gitlab中冒充另一个用户很容易。请参阅此主题以获得更多详细信息。
通过检查存储库的活动日志,可以找出哪个用户执行了推送。但出于审计目的,我还想知道推送完成的IP地址。是否可以在Gitlab CE / EE中使用?
p> 您可以检查nginx的访问日志(
nginx / gitlab_access.log
):
<192.168.21.150 - johndoe [19 / Dec / 2016:08:05:58 +0100]POST /TEST/test.git/git-receive-pack HTTP / 1.1 200 52 - git / 2.9.2.windows.1
通过SSH完成
您可以检查gitlab-shell日志( gitlab-shell / gitlab-shell.log
)。可以找到推送的时间:
我,[2016-12-19T07:34:08.173561#3560]信息 - :gitlab -shell:使用密钥key-417为用户执行git命令。
然后您可以检查标准SSH日志以查找IP地址: /var/log/auth.log
或 / var / log / secure
:
Dec 19 07:34:08 gitlab-hostname s shd [3563]:接受来自192.168.21.151端口40864的git的publickey ssh2:RSA 32:ea:2d:e2:47:ac:fc:50:84:16:e2:16:57:b0:5c:2d
It's quite easy to impersonate another user in Gitlab. See this topic for more details.
It's possible to find out which user performed a push by examining "Activity" log of a repository. But for audit purposes I'd also like to know the IP address from which the push was done. Is it possible in Gitlab CE/EE?
Pushes done through HTTP(S)
You can examine access logs of nginx (nginx/gitlab_access.log
):
192.168.21.150 - johndoe [19/Dec/2016:08:05:58 +0100] "POST /TEST/test.git/git-receive-pack HTTP/1.1" 200 52 "-" "git/2.9.2.windows.1
Pushes done through SSH
You can examine gitlab-shell logs (gitlab-shell/gitlab-shell.log
). That way you can find the time of a push:
I, [2016-12-19T07:34:08.173561 #3560] INFO -- : gitlab-shell: executing git command for user with key key-417.
Then you can examine standard SSH logs to find the IP address: /var/log/auth.log
or /var/log/secure
:
Dec 19 07:34:08 gitlab-hostname sshd[3563]: Accepted publickey for git from 192.168.21.151 port 40864 ssh2: RSA 32:ea:2d:e2:47:ac:fc:50:84:16:e2:16:57:b0:5c:2d
这篇关于如何在Gitlab中找出给定推送事件的IP地址的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!