feat(PROJ-48): Audit-Log Unveränderbarkeit (Trigger, append-only Logfile, Healthcheck)
DB-Trigger audit_log_immutable verhindert UPDATE/DELETE auf audit_log, zusätzliches append-only JSON-Lines-Logfile (audit.log_path) als tamper-evident Backup, neuer Healthcheck-Prüfpunkt in archivmail status. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
sysops
@@ -3,6 +3,7 @@ package config
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
"strings"
|
||||
|
||||
"gopkg.in/yaml.v3"
|
||||
)
|
||||
@@ -116,12 +117,25 @@ type IndexConfig struct {
|
||||
ManticoreDSN string `yaml:"manticore_dsn"` // DSN for Manticore backend (default: "manticore@tcp(127.0.0.1:9306)/")
|
||||
}
|
||||
|
||||
// DefaultAuditLogPath is the default location of the append-only JSON-Lines
|
||||
// audit log file (PROJ-48) when audit.log_path is not configured.
|
||||
const DefaultAuditLogPath = "/var/log/archivmail/audit.log"
|
||||
|
||||
// AuditConfig holds audit log settings.
|
||||
type AuditConfig struct {
|
||||
LogPath string `yaml:"log_path"`
|
||||
RetentionDays int `yaml:"retention_days"`
|
||||
}
|
||||
|
||||
// ResolvedLogPath returns the configured audit log file path, falling back to
|
||||
// DefaultAuditLogPath when unset.
|
||||
func (a AuditConfig) ResolvedLogPath() string {
|
||||
if strings.TrimSpace(a.LogPath) == "" {
|
||||
return DefaultAuditLogPath
|
||||
}
|
||||
return a.LogPath
|
||||
}
|
||||
|
||||
// LoggingConfig holds application logging settings.
|
||||
type LoggingConfig struct {
|
||||
Path string `yaml:"path"`
|
||||
|
||||
Reference in New Issue
Block a user