From cd47d41512f99aff9eaaaaf6e796a34aa00fa8bf Mon Sep 17 00:00:00 2001
From: Jim Popovitch <jimpop@domainmail.org>
Date: Wed, 6 Jun 2018 10:06:19 +0000
Subject: Improved logging of security related events

---
 Mailman/Cgi/private.py | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'Mailman/Cgi/private.py')

diff --git a/Mailman/Cgi/private.py b/Mailman/Cgi/private.py
index 80369e84..f5c73821 100755
--- a/Mailman/Cgi/private.py
+++ b/Mailman/Cgi/private.py
@@ -142,6 +142,11 @@ def main():
         if cgidata.has_key('submit'):
             # This is a re-authorization attempt
             message = Bold(FontSize('+1', _('Authorization failed.'))).Format()
+            remote = os.environ.get('HTTP_FORWARDED_FOR',
+                     os.environ.get('HTTP_X_FORWARDED_FOR',
+                     os.environ.get('REMOTE_ADDR',
+                                    'unidentified origin')))
+            syslog('security', 'Authorization failed (private): list=%s: remote=%s', listname, remote)
             # give an HTTP 401 for authentication failure
             print 'Status: 401 Unauthorized'
         # Are we processing a password reminder from the login screen?
-- 
cgit v1.2.3


From 540452e22108455e4efebc8fa7340760a68607f7 Mon Sep 17 00:00:00 2001
From: Jim Popovitch <jimpop@domainmail.org>
Date: Sun, 10 Jun 2018 23:01:35 +0000
Subject: Changes based on feedback from Mark.

---
 Mailman/Cgi/private.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'Mailman/Cgi/private.py')

diff --git a/Mailman/Cgi/private.py b/Mailman/Cgi/private.py
index f5c73821..cb954d3c 100755
--- a/Mailman/Cgi/private.py
+++ b/Mailman/Cgi/private.py
@@ -146,7 +146,8 @@ def main():
                      os.environ.get('HTTP_X_FORWARDED_FOR',
                      os.environ.get('REMOTE_ADDR',
                                     'unidentified origin')))
-            syslog('security', 'Authorization failed (private): list=%s: remote=%s', listname, remote)
+            syslog('security', 'Authorization failed (private): user=%s list=%s 
+                                remote=%s', username, listname, remote)
             # give an HTTP 401 for authentication failure
             print 'Status: 401 Unauthorized'
         # Are we processing a password reminder from the login screen?
-- 
cgit v1.2.3