authorSuryakanth Sekar <suryakanth.sekar@linux.intel.com>2019-12-12 21:39:14 +0530
committerSuryakanth Sekar <suryakanth.sekar@linux.intel.com>2020-01-08 03:53:10 +0000
commit8988dda41319950476ebb146df06c2e7b3fbf44d (patch)
tree144f10f58f0794b87134be0ac862f92ece6e93d7
parent2830a9cf2559c7b6956fcb5a6cce56231fcfd18e (diff)
downloadbmcweb-8988dda41319950476ebb146df06c2e7b3fbf44d.tar.gz
bmcweb-8988dda41319950476ebb146df06c2e7b3fbf44d.zip
bmcweb: Message entry for user security Event
Message entry for BMC should detect the following intrusion or non-allowed configuration and log the security event with description. 1. Password storing hash algo changes from SHA2-256 to MD5 in Linux pwd file 2. When any user other than root has its UID set to 0 in Linux pwd file 3. When any unsupported shells (not bash or sh) are present in Linux pwd file 4. When the root user is assigned a password in Linux password file Tested: 1. Ran Redfish validator - passed for this new addition. { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/75_1", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T00:01:15+00:00", "EntryType": "Event", "Id": "75_1", "Message": "weak password computing hash algorithm is enabled = MD5 Hash algorithm .", "MessageArgs": [ "MD5 Hash algorithm" ], "MessageId": "OpenBMC.0.1.SecurityUserWeakHashAlgoEnabled", "Name": "System Event Log Entry", "Severity": "Critical" }, { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/240", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T00:04:00+00:00", "EntryType": "Event", "Id": "240", "Message": "other than /bin/bash,/bin/sh, Unsupported shell is enabled", "MessageArgs": [], "MessageId": "OpenBMC.0.1.SecurityUserUnsupportedShellEnabled", "Name": "System Event Log Entry", "Severity": "Critical" }, { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/246", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T00:04:06+00:00", "EntryType": "Event", "Id": "246", "Message": "Unsupported shell is removed", "MessageArgs": [], "MessageId": "OpenBMC.0.1.SecurityUserUnsupportedShellRemoved", "Name": "System Event Log Entry", "Severity": "OK" }, { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": 
"/redfish/v1/Systems/system/LogServices/EventLog/Entries/604", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T00:10:04+00:00", "EntryType": "Event", "Id": "604", "Message": "password computing hash algorithm is changed to sha256/sha512.", "MessageArgs": [], "MessageId": "OpenBMC.0.1.SecurityUserHashAlgoChanged", "Name": "System Event Log Entry", "Severity": "OK" } { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/75", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T00:01:15+00:00", "EntryType": "Event", "Id": "75", "Message": "root user is enabled.", "MessageArgs": [], "MessageId": "OpenBMC.0.1.SecurityUserRootEnabled", "Name": "System Event Log Entry", "Severity": "Critical" }, { "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry", "@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/1153", "@odata.type": "#LogEntry.v1_4_0.LogEntry", "Created": "1970-01-01T00:19:13+00:00", "EntryType": "Event", "Id": "1153", "Message": "uid Zero is assigned with non-root user", "MessageArgs": [], "MessageId": "OpenBMC.0.1.SecurityUserNonRootUidZeroAssigned", "Name": "System Event Log Entry", "Severity": "Critical" } Signed-off-by: Suryakanth Sekar <suryakanth.sekar@linux.intel.com> Change-Id: I8a3a10be2cc85614baa7b0d2f56b3376c3301e01
-rw-r--r--redfish-core/include/registries/openbmc_message_registry.hpp81
1 files changed, 80 insertions, 1 deletions
diff --git a/redfish-core/include/registries/openbmc_message_registry.hpp b/redfish-core/include/registries/openbmc_message_registry.hpp
index 1e9fa60..9b3cf28 100644
--- a/redfish-core/include/registries/openbmc_message_registry.hpp
+++ b/redfish-core/include/registries/openbmc_message_registry.hpp
@@ -29,7 +29,7 @@ const Header header = {
"0.1.0",
"OpenBMC",
};
-constexpr std::array<MessageEntry, 144> registry = {
+constexpr std::array<MessageEntry, 152> registry = {
MessageEntry{
"ADDDCCorrectable",
{
@@ -1492,6 +1492,85 @@ constexpr std::array<MessageEntry, 144> registry = {
{},
"None.",
}},
+ MessageEntry{
+ "SecurityUserStrongHashAlgoRestored",
+ {
+ "Indicates that password computing hash algorithm changed.",
+ "Password computing hash algorithm is changed to sha256/sha512.",
+ "OK",
+ 0,
+ {},
+ "None.",
+ }},
+
+ MessageEntry{"SecurityUserNonRootUidZeroAssigned",
+ {
+ "Indicates that non root user assigned with user ID zero.",
+ "User ID Zero is assigned with non-root user.",
+ "Critical",
+ 0,
+ {},
+ "None.",
+ }},
+ MessageEntry{"SecurityUserNonRootUidZeroRemoved",
+ {
+ "Indicates that non root user ID is removed",
+ "Non root user assigned with user ID zero is removed.",
+ "OK",
+ 0,
+ {},
+ "None.",
+ }},
+
+ MessageEntry{"SecurityUserRootEnabled",
+ {
+ "Indicates that system root user is enabled.",
+ "User root is enabled.",
+ "Critical",
+ 0,
+ {},
+ "None.",
+ }},
+ MessageEntry{"SecurityUserRootDisabled",
+ {
+ "Indicates that system root user is disabled.",
+ "User root is disabled.",
+ "OK",
+ 0,
+ {},
+ "None.",
+ }},
+
+ MessageEntry{"SecurityUserUnsupportedShellEnabled",
+ {
+ "Indicates that unsupported shell is enabled.",
+ "Unsupported shell is enabled.",
+ "Critical",
+ 0,
+ {},
+ "None.",
+ }},
+ MessageEntry{"SecurityUserUnsupportedShellRemoved",
+ {
+ "Indicates that unsupported shell is removed.",
+ "Unsupported shell is removed.",
+ "OK",
+ 0,
+ {},
+ "None.",
+ }},
+
+ MessageEntry{
+ "SecurityUserWeakHashAlgoEnabled",
+ {
+ "Indicates that weak password computing hash algorithm is enabled.",
+ "Weak password computing hash algorithm is enabled.",
+ "Critical",
+ 0,
+ {},
+ "None.",
+ }},
+
MessageEntry{"SELEntryAdded",
{
"Indicates a SEL entry was added using the "
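Review bot: The `SecurityUserWeakHashAlgoEnabled` entry at the end of the hunk declares zero arguments (`0, {},`) and a fixed message, yet the sample output in the commit description shows that event carrying `MessageArgs: ["MD5 Hash algorithm"]` and a message ending in `= MD5 Hash algorithm .`; with this registry the argument is never substituted, so the log loses which weak algorithm was detected. If the producer sends the algorithm name, declare it — `"Weak password computing hash algorithm is enabled = %1.", "Critical", 1, {"string"},` — otherwise the sample output should be regenerated from this registry (the `SecurityUserHashAlgoChanged` id in that sample also does not match the `SecurityUserStrongHashAlgoRestored` entry added here). Every new Critical entry ships `"None."` as its Resolution; an operator acting on a security event needs the remediation stated, e.g. for `SecurityUserNonRootUidZeroAssigned`: `"Remove the UID 0 assignment from the non-root account and audit the password file for tampering."`, with similar text for the root-enabled, unsupported-shell and weak-hash entries. The new entries also appear out of alphabetical order within the block (`StrongHashAlgoRestored` precedes `NonRootUidZeroAssigned`, `RootEnabled` precedes `RootDisabled`) while the surrounding registry appears sorted by id, and the description `"Indicates that non root user ID is removed"` is both missing its period and ambiguous — `"Indicates that the UID zero assignment of a non-root user is removed."` says what was actually detected.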