From 315f78fb31030b43a408a0402b7f1795a1f259de Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Tue, 30 Jun 2015 11:33:02 -0400 Subject: [PATCH] Added pki-audit man page. A new man page has been added for the pki -audit CLI. Due to database upgrade issue, the audit command itself has been removed from all subsystems except TPS. https://fedorahosted.org/pki/ticket/1437 --- .../dogtagpki/server/ca/rest/CAApplication.java | 4 - .../src/com/netscape/certsrv/ca/CAClient.java | 2 - .../src/com/netscape/certsrv/kra/KRAClient.java | 2 - .../src/com/netscape/certsrv/ocsp/OCSPClient.java | 2 - .../src/com/netscape/certsrv/tks/TKSClient.java | 2 - base/java-tools/man/man1/pki-audit.1 | 88 ++++++++++++++++++++++ .../src/com/netscape/cmstools/cli/CACLI.java | 2 - .../src/com/netscape/cmstools/cli/KRACLI.java | 2 - .../src/com/netscape/cmstools/cli/OCSPCLI.java | 2 - .../src/com/netscape/cmstools/cli/TKSCLI.java | 2 - .../dogtagpki/server/kra/rest/KRAApplication.java | 4 - .../server/ocsp/rest/OCSPApplication.java | 4 - .../dogtagpki/server/tks/rest/TKSApplication.java | 4 - specs/pki-core.spec | 1 + 14 files changed, 89 insertions(+), 32 deletions(-) create mode 100644 base/java-tools/man/man1/pki-audit.1 diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/CAApplication.java b/base/ca/src/org/dogtagpki/server/ca/rest/CAApplication.java index 8c6c8cbe54df366a807463f23790eb84ccc30c68..16eae7877059c7dc42479276b3111db1ce7f582d 100644 --- a/base/ca/src/org/dogtagpki/server/ca/rest/CAApplication.java +++ b/base/ca/src/org/dogtagpki/server/ca/rest/CAApplication.java @@ -7,7 +7,6 @@ import javax.ws.rs.core.Application; import org.dogtagpki.server.rest.ACLInterceptor; import org.dogtagpki.server.rest.AccountService; -import org.dogtagpki.server.rest.AuditService; import org.dogtagpki.server.rest.AuthMethodInterceptor; import org.dogtagpki.server.rest.GroupService; import org.dogtagpki.server.rest.MessageFormatInterceptor; @@ -32,9 +31,6 @@ public class CAApplication extends Application { // account classes.add(AccountService.class); - // audit - classes.add(AuditService.class); - // installer classes.add(CAInstallerService.class); diff --git a/base/common/src/com/netscape/certsrv/ca/CAClient.java b/base/common/src/com/netscape/certsrv/ca/CAClient.java index ff5a0e21491b40649f04cd9ce701041c2b795b14..e1a0a8c02f8a840acbdea924c164020b88557fc4 100644 --- a/base/common/src/com/netscape/certsrv/ca/CAClient.java +++ b/base/common/src/com/netscape/certsrv/ca/CAClient.java @@ -23,7 +23,6 @@ import com.netscape.certsrv.cert.CertClient; import com.netscape.certsrv.client.PKIClient; import com.netscape.certsrv.client.SubsystemClient; import com.netscape.certsrv.group.GroupClient; -import com.netscape.certsrv.logging.AuditClient; import com.netscape.certsrv.profile.ProfileClient; import com.netscape.certsrv.selftests.SelfTestClient; import com.netscape.certsrv.user.UserClient; @@ -37,7 +36,6 @@ public class CAClient extends SubsystemClient { public void init() throws URISyntaxException { - addClient(new AuditClient(client, name)); addClient(new CertClient(client, name)); addClient(new GroupClient(client, name)); addClient(new ProfileClient(client, name)); diff --git a/base/common/src/com/netscape/certsrv/kra/KRAClient.java b/base/common/src/com/netscape/certsrv/kra/KRAClient.java index a218501534f6ca72d88fc693798d784c026cee57..1eb102faedf12405c3e9f757b5a96caba8e1bde2 100644 --- a/base/common/src/com/netscape/certsrv/kra/KRAClient.java +++ b/base/common/src/com/netscape/certsrv/kra/KRAClient.java @@ -4,7 +4,6 @@ import com.netscape.certsrv.client.PKIClient; import com.netscape.certsrv.client.SubsystemClient; import com.netscape.certsrv.group.GroupClient; import com.netscape.certsrv.key.KeyClient; -import com.netscape.certsrv.logging.AuditClient; import com.netscape.certsrv.selftests.SelfTestClient; import com.netscape.certsrv.system.SystemCertClient; import com.netscape.certsrv.user.UserClient; @@ -18,7 +17,6 @@ public class KRAClient extends SubsystemClient { public void init() throws Exception { - addClient(new AuditClient(client, name)); addClient(new GroupClient(client, name)); addClient(new KeyClient(client, name)); addClient(new SelfTestClient(client, name)); diff --git a/base/common/src/com/netscape/certsrv/ocsp/OCSPClient.java b/base/common/src/com/netscape/certsrv/ocsp/OCSPClient.java index 6163d48186356ce4d59764ba0560322fbc4f9117..ab85bd2000da6d7c588eee5d8576b0c4032a2061 100644 --- a/base/common/src/com/netscape/certsrv/ocsp/OCSPClient.java +++ b/base/common/src/com/netscape/certsrv/ocsp/OCSPClient.java @@ -22,7 +22,6 @@ import java.net.URISyntaxException; import com.netscape.certsrv.client.PKIClient; import com.netscape.certsrv.client.SubsystemClient; import com.netscape.certsrv.group.GroupClient; -import com.netscape.certsrv.logging.AuditClient; import com.netscape.certsrv.selftests.SelfTestClient; import com.netscape.certsrv.user.UserClient; @@ -34,7 +33,6 @@ public class OCSPClient extends SubsystemClient { } public void init() throws URISyntaxException { - addClient(new AuditClient(client, name)); addClient(new GroupClient(client, name)); addClient(new SelfTestClient(client, name)); addClient(new UserClient(client, name)); diff --git a/base/common/src/com/netscape/certsrv/tks/TKSClient.java b/base/common/src/com/netscape/certsrv/tks/TKSClient.java index 5adde7461fb678dd2d25a890cad5778cd5a810fe..a972241ce6521e9cd92138f2f99088704d7f3d0a 100644 --- a/base/common/src/com/netscape/certsrv/tks/TKSClient.java +++ b/base/common/src/com/netscape/certsrv/tks/TKSClient.java @@ -22,7 +22,6 @@ import java.net.URISyntaxException; import com.netscape.certsrv.client.PKIClient; import com.netscape.certsrv.client.SubsystemClient; import com.netscape.certsrv.group.GroupClient; -import com.netscape.certsrv.logging.AuditClient; import com.netscape.certsrv.selftests.SelfTestClient; import com.netscape.certsrv.system.TPSConnectorClient; import com.netscape.certsrv.user.UserClient; @@ -35,7 +34,6 @@ public class TKSClient extends SubsystemClient { } public void init() throws URISyntaxException { - addClient(new AuditClient(client, name)); addClient(new GroupClient(client, name)); addClient(new SelfTestClient(client, name)); addClient(new TPSConnectorClient(client, name)); diff --git a/base/java-tools/man/man1/pki-audit.1 b/base/java-tools/man/man1/pki-audit.1 new file mode 100644 index 0000000000000000000000000000000000000000..7ea9258e2339473e848c37140ee6de25f55f5fcb --- /dev/null +++ b/base/java-tools/man/man1/pki-audit.1 @@ -0,0 +1,88 @@ +.\" First parameter, NAME, should be all caps +.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection +.\" other parameters are allowed: see man(7), man(1) +.TH pki-audit 1 "Jun 30, 2015" "version 10.2" "PKI Audit Management Commands" Dogtag Team +.\" Please adjust this date whenever revising the man page. +.\" +.\" Some roff macros, for reference: +.\" .nh disable hyphenation +.\" .hy enable hyphenation +.\" .ad l left justify +.\" .ad b justify to both left and right margins +.\" .nf disable filling +.\" .fi enable filling +.\" .br insert line break +.\" .sp insert n+1 empty lines +.\" for man page specific macros, see man(7) +.SH NAME +pki-audit \- Command-Line Interface for managing Certificate System audit configuration. + +.SH SYNOPSIS +.nf +\fBpki\fR [CLI options] \fB-audit\fR +\fBpki\fR [CLI options] \fB-audit-show\fR [command options] +\fBpki\fR [CLI options] \fB-audit-mod\fR [command options] +.fi + +.SH DESCRIPTION +.PP +The \fBpki-audit\fR commands provide command-line interfaces to manage audit +configuration in the specified subsystem. Currently the only valid subsystem +is \fBtps\fR. +.PP +\fBpki\fR [CLI options] \fB-audit\fR +.RS 4 +This command is to list the available audit commands the subsystem. +.RE +.PP +\fBpki\fR [CLI options] \fB-audit-show\fR [command options] +.RS 4 +This command is to show the audit configuration in the subsystem. +.RE +.PP +\fBpki\fR [CLI options] \fB-audit-mod\fR [command options] +.RS 4 +This command is to modify the audit configuration in the subsystem. +.RE + +.SH OPTIONS +The CLI options are described in \fBpki\fR(1). + +.SH OPERATIONS +To view available audit commands, type \fBpki -audit\fP. To view +each command's usage, type \fB pki -audit- \-\-help\fP. + +All audit commands must be executed as the subsystem administrator. + +For example, to show the audit configuration in TPS execute the following +command: + +.B pki tps-audit-show + +To download the audit configuration from TPS into a file execute the following +command: + +.B pki tps-audit-show --output + +To enable/disable audit in TPS execute the following command: + +.B pki tps-audit-mod --action + +where action is enable or disable. + +To modify the audit configuration in TPS, download the current configuration +using the above tps-audit-show command, edit the file, then execute the +following command: + +.B pki tps-audit-mod --input + +Optionally, a --output option may be specified to download the +effective configuration after the modification. + +.SH AUTHORS +Endi S. Dewata . + +.SH COPYRIGHT +Copyright (c) 2015 Red Hat, Inc. This is licensed under the GNU General Public +License, version 2 (GPLv2). A copy of this license is available at +http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. diff --git a/base/java-tools/src/com/netscape/cmstools/cli/CACLI.java b/base/java-tools/src/com/netscape/cmstools/cli/CACLI.java index 3cb456e5feddd6ca1bee312f21c9fc55269c5143..17fb4866f38f05f7ead02b6145ef7d09140a90c5 100644 --- a/base/java-tools/src/com/netscape/cmstools/cli/CACLI.java +++ b/base/java-tools/src/com/netscape/cmstools/cli/CACLI.java @@ -22,7 +22,6 @@ import com.netscape.certsrv.ca.CAClient; import com.netscape.certsrv.client.Client; import com.netscape.cmstools.cert.CertCLI; import com.netscape.cmstools.group.GroupCLI; -import com.netscape.cmstools.logging.AuditCLI; import com.netscape.cmstools.profile.ProfileCLI; import com.netscape.cmstools.selftests.SelfTestCLI; import com.netscape.cmstools.system.KRAConnectorCLI; @@ -38,7 +37,6 @@ public class CACLI extends SubsystemCLI { public CACLI(CLI parent) { super("ca", "CA management commands", parent); - addModule(new AuditCLI(this)); addModule(new CertCLI(this)); addModule(new GroupCLI(this)); addModule(new KRAConnectorCLI(this)); diff --git a/base/java-tools/src/com/netscape/cmstools/cli/KRACLI.java b/base/java-tools/src/com/netscape/cmstools/cli/KRACLI.java index 3c61cafe3ba7cd7692495886ec696b6075285d61..8a9f789cd1099a9613615f943adad4fd78d2a666 100644 --- a/base/java-tools/src/com/netscape/cmstools/cli/KRACLI.java +++ b/base/java-tools/src/com/netscape/cmstools/cli/KRACLI.java @@ -22,7 +22,6 @@ import com.netscape.certsrv.client.Client; import com.netscape.certsrv.kra.KRAClient; import com.netscape.cmstools.group.GroupCLI; import com.netscape.cmstools.key.KeyCLI; -import com.netscape.cmstools.logging.AuditCLI; import com.netscape.cmstools.selftests.SelfTestCLI; import com.netscape.cmstools.user.UserCLI; @@ -36,7 +35,6 @@ public class KRACLI extends SubsystemCLI { public KRACLI(CLI parent) { super("kra", "KRA management commands", parent); - addModule(new AuditCLI(this)); addModule(new GroupCLI(this)); addModule(new KeyCLI(this)); addModule(new SelfTestCLI(this)); diff --git a/base/java-tools/src/com/netscape/cmstools/cli/OCSPCLI.java b/base/java-tools/src/com/netscape/cmstools/cli/OCSPCLI.java index 1eea5aad5ce12cb36647f3ef63d93a1e76db503f..3768a48e745e4632d22a755751e137ec40ec6299 100644 --- a/base/java-tools/src/com/netscape/cmstools/cli/OCSPCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/cli/OCSPCLI.java @@ -21,7 +21,6 @@ package com.netscape.cmstools.cli; import com.netscape.certsrv.client.Client; import com.netscape.certsrv.ocsp.OCSPClient; import com.netscape.cmstools.group.GroupCLI; -import com.netscape.cmstools.logging.AuditCLI; import com.netscape.cmstools.selftests.SelfTestCLI; import com.netscape.cmstools.user.UserCLI; @@ -35,7 +34,6 @@ public class OCSPCLI extends SubsystemCLI { public OCSPCLI(CLI parent) { super("ocsp", "OCSP management commands", parent); - addModule(new AuditCLI(this)); addModule(new GroupCLI(this)); addModule(new SelfTestCLI(this)); addModule(new UserCLI(this)); diff --git a/base/java-tools/src/com/netscape/cmstools/cli/TKSCLI.java b/base/java-tools/src/com/netscape/cmstools/cli/TKSCLI.java index cfc5d6ab512997b1e5a078c2a35a3c04737d872b..dd4f179c262036b286d3f44526f9a4a8fac2211e 100644 --- a/base/java-tools/src/com/netscape/cmstools/cli/TKSCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/cli/TKSCLI.java @@ -21,7 +21,6 @@ package com.netscape.cmstools.cli; import com.netscape.certsrv.client.Client; import com.netscape.certsrv.tks.TKSClient; import com.netscape.cmstools.group.GroupCLI; -import com.netscape.cmstools.logging.AuditCLI; import com.netscape.cmstools.selftests.SelfTestCLI; import com.netscape.cmstools.system.TPSConnectorCLI; import com.netscape.cmstools.user.UserCLI; @@ -36,7 +35,6 @@ public class TKSCLI extends SubsystemCLI { public TKSCLI(CLI parent) { super("tks", "TKS management commands", parent); - addModule(new AuditCLI(this)); addModule(new GroupCLI(this)); addModule(new SelfTestCLI(this)); addModule(new TPSConnectorCLI(this)); diff --git a/base/kra/src/org/dogtagpki/server/kra/rest/KRAApplication.java b/base/kra/src/org/dogtagpki/server/kra/rest/KRAApplication.java index 6244270c032d20112ceef49a5e4827ca366f84c2..773d8dd19e595d3153aa15e5cb53522d399595c6 100644 --- a/base/kra/src/org/dogtagpki/server/kra/rest/KRAApplication.java +++ b/base/kra/src/org/dogtagpki/server/kra/rest/KRAApplication.java @@ -7,7 +7,6 @@ import javax.ws.rs.core.Application; import org.dogtagpki.server.rest.ACLInterceptor; import org.dogtagpki.server.rest.AccountService; -import org.dogtagpki.server.rest.AuditService; import org.dogtagpki.server.rest.AuthMethodInterceptor; import org.dogtagpki.server.rest.GroupService; import org.dogtagpki.server.rest.MessageFormatInterceptor; @@ -32,9 +31,6 @@ public class KRAApplication extends Application { // account classes.add(AccountService.class); - // audit - classes.add(AuditService.class); - // installer classes.add(KRAInstallerService.class); diff --git a/base/ocsp/src/org/dogtagpki/server/ocsp/rest/OCSPApplication.java b/base/ocsp/src/org/dogtagpki/server/ocsp/rest/OCSPApplication.java index 8d6e4a983e5642ecf882275bb4dee65a1f8b0950..99fefaeda0ef2c8694960a4a3fe89f613d3dc262 100644 --- a/base/ocsp/src/org/dogtagpki/server/ocsp/rest/OCSPApplication.java +++ b/base/ocsp/src/org/dogtagpki/server/ocsp/rest/OCSPApplication.java @@ -7,7 +7,6 @@ import javax.ws.rs.core.Application; import org.dogtagpki.server.rest.ACLInterceptor; import org.dogtagpki.server.rest.AccountService; -import org.dogtagpki.server.rest.AuditService; import org.dogtagpki.server.rest.AuthMethodInterceptor; import org.dogtagpki.server.rest.GroupService; import org.dogtagpki.server.rest.MessageFormatInterceptor; @@ -32,9 +31,6 @@ public class OCSPApplication extends Application { // account classes.add(AccountService.class); - // audit - classes.add(AuditService.class); - // installer classes.add(OCSPInstallerService.class); diff --git a/base/tks/src/org/dogtagpki/server/tks/rest/TKSApplication.java b/base/tks/src/org/dogtagpki/server/tks/rest/TKSApplication.java index ca19e38d88fbb26511e53f5d10d841097e99a049..278076d13938a18d59e91964a4ed3c1a197c3548 100644 --- a/base/tks/src/org/dogtagpki/server/tks/rest/TKSApplication.java +++ b/base/tks/src/org/dogtagpki/server/tks/rest/TKSApplication.java @@ -7,7 +7,6 @@ import javax.ws.rs.core.Application; import org.dogtagpki.server.rest.ACLInterceptor; import org.dogtagpki.server.rest.AccountService; -import org.dogtagpki.server.rest.AuditService; import org.dogtagpki.server.rest.AuthMethodInterceptor; import org.dogtagpki.server.rest.GroupService; import org.dogtagpki.server.rest.MessageFormatInterceptor; @@ -27,9 +26,6 @@ public class TKSApplication extends Application { // account classes.add(AccountService.class); - // audit - classes.add(AuditService.class); - // installer classes.add(TKSInstallerService.class); diff --git a/specs/pki-core.spec b/specs/pki-core.spec index 7e94f281711c9cfb25e94a81e905993702e32d7e..cb125d163764971deb1beb28be0905ef8b263b6b 100644 --- a/specs/pki-core.spec +++ b/specs/pki-core.spec @@ -840,6 +840,7 @@ systemctl daemon-reload %{_javadir}/pki/pki-tools.jar %{_datadir}/pki/java-tools/ %{_mandir}/man1/pki.1.gz +%{_mandir}/man1/pki-audit.1.gz %{_mandir}/man1/pki-cert.1.gz %{_mandir}/man1/pki-client.1.gz %{_mandir}/man1/pki-group.1.gz -- 1.9.3