Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-13087

Improve audit config flag sanity checks

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 2.6.0-rc1
    • Fix Version/s: 3.3.11
    • Component/s: Security
    • Labels:
    • Environment:
       uname -a
      Linux ip-10-33-128-100 3.4.73-64.112.amzn1.x86_64 #1 SMP Tue Dec 10 01:50:05 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
    • Backwards Compatibility:
      Fully Compatible
    • Operating System:
      ALL
    • Sprint:
      Security (08/08/16), Security 19 (08/29/16)

      Description

      It is possible to run mongod specifying --auditPath but not --auditDestination.
      This will result in no audit, and should be unallowed to run mongod using these options.

      [ec2-user@ip-10-33-128-100 bin]$ ./mongod --auditPath foo.txt --dbpath db

      Also, the code already does some checks, e.g. it complains if --auditFormat is not specified while --auditDestination is.

      [ec2-user@ip-10-33-128-100 bin]$ ./mongod --auditDestination file --dbpath db
      2014-03-07T01:32:16.431+0000 SEVERE: Failed global initialization: BadValue auditLog.format must be specified when auditLog.destination is to a file

        Attachments

          Activity

            People

            Assignee:
            andreas.nilsson Andreas Nilsson
            Reporter:
            davide.italiano Davide Italiano
            Participants:
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: