Improved logging of security related events

author: Jim Popovitch <jimpop@domainmail.org> 2018-06-06 10:06:19 +0000
committer: Jim Popovitch <jimpop@domainmail.org> 2018-06-06 10:06:19 +0000
commit: cd47d41512f99aff9eaaaaf6e796a34aa00fa8bf (patch)
tree: 11a9319cdd23a725293e77d7f7bbfe1712fe53e5 /Mailman/Cgi/private.py
parent: 8291c814c54d87c7958304e471a5c5c013417e45 (diff)
download: mailman2-cd47d41512f99aff9eaaaaf6e796a34aa00fa8bf.tar.gz
mailman2-cd47d41512f99aff9eaaaaf6e796a34aa00fa8bf.tar.xz
mailman2-cd47d41512f99aff9eaaaaf6e796a34aa00fa8bf.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/Mailman/Cgi/private.py b/Mailman/Cgi/private.py
index 80369e84..f5c73821 100755
--- a/Mailman/Cgi/private.py
+++ b/Mailman/Cgi/private.py
@@ -142,6 +142,11 @@ def main():
         if cgidata.has_key('submit'):
             # This is a re-authorization attempt
             message = Bold(FontSize('+1', _('Authorization failed.'))).Format()
+            remote = os.environ.get('HTTP_FORWARDED_FOR',
+                     os.environ.get('HTTP_X_FORWARDED_FOR',
+                     os.environ.get('REMOTE_ADDR',
+                                    'unidentified origin')))
+            syslog('security', 'Authorization failed (private): list=%s: remote=%s', listname, remote)
             # give an HTTP 401 for authentication failure
             print 'Status: 401 Unauthorized'
         # Are we processing a password reminder from the login screen?
author	Jim Popovitch <jimpop@domainmail.org>	2018-06-06 10:06:19 +0000
committer	Jim Popovitch <jimpop@domainmail.org>	2018-06-06 10:06:19 +0000
commit	cd47d41512f99aff9eaaaaf6e796a34aa00fa8bf (patch)
tree	11a9319cdd23a725293e77d7f7bbfe1712fe53e5 /Mailman/Cgi/private.py
parent	8291c814c54d87c7958304e471a5c5c013417e45 (diff)
download	mailman2-cd47d41512f99aff9eaaaaf6e796a34aa00fa8bf.tar.gz mailman2-cd47d41512f99aff9eaaaaf6e796a34aa00fa8bf.tar.xz mailman2-cd47d41512f99aff9eaaaaf6e796a34aa00fa8bf.zip