Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-40569

Auditing "(NONE)" when address family is AF_UNSPEC

XMLWordPrintableJSON

    • Type: Icon: Improvement Improvement
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 4.9.0
    • Affects Version/s: 3.6.12
    • Component/s: None
    • Labels:
      None
    • Fully Compatible
    • Security 2020-11-30, Security 2020-12-14

      When address family is AF_UNSPEC, we audit log ip: "(NONE)". It may be possible to treat this differently.

      original description

      When auditing is set on Mongodb, the log has local and remote IP which is always localhost as in:

      Apr 10 11:17:27 CentOS50G tag1 { "atype" : "authCheck", "ts" : { "$date" : "2019-04-10T11:17:19.306-0700" }, "local" : { "ip" : "(NONE)", "port" : 0 }, "remote" : { "ip" : "(NONE)", "port" : 0 }, "users" : [], "roles" : [], "param" : { "command" : "listIndexes", "ns" : "config.system.sessions", "args" : { "listIndexes" : "system.sessions", "cursor" : {}, "$db" : "config" } }, "result" : 0 }

       Here eventhough Mongo server is CentOS50G the local ip is either NONE or 127.0.0.1 

            Assignee:
            shreyas.kalyan@mongodb.com Shreyas Kalyan
            Reporter:
            aditya123 aditya
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved: