Loading...

XML

Word

Printable

JSON

Type: Improvement
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 4.9.0
Affects Version/s: 3.6.12
Component/s: None
Labels:
None

Backwards Compatibility:
Fully Compatible
Sprint:
Security 2020-11-30, Security 2020-12-14
Confidence Status:
None
Work Order:
3
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

When address family is AF_UNSPEC, we audit log ip: "(NONE)". It may be possible to treat this differently.

original description

When auditing is set on Mongodb, the log has local and remote IP which is always localhost as in:

Apr 10 11:17:27 CentOS50G tag1 { "atype" : "authCheck", "ts" : { "$date" : "2019-04-10T11:17:19.306-0700" }, "local" : { "ip" : "(NONE)", "port" : 0 }, "remote" : { "ip" : "(NONE)", "port" : 0 }, "users" : [], "roles" : [], "param" : { "command" : "listIndexes", "ns" : "config.system.sessions", "args" : { "listIndexes" : "system.sessions", "cursor" : {}, "$db" : "config" } }, "result" : 0 }

Here eventhough Mongo server is CentOS50G the local ip is either NONE or 127.0.0.1

Assignee:: Shreyas Kalyan
Reporter:: aditya
Participants:: aditya, Eric Sedor, Githook User, Shreyas Kalyan
Votes:: 0 Vote for this issue
Watchers:: 7 Start watching this issue

Created:: Apr 10 2019 09:13:51 PM UTC
Updated:: Oct 29 2023 10:22:07 PM UTC
Resolved:: Dec 04 2020 05:05:08 AM UTC
Confidence Status Last Update:: 23/Nov/20 5:39 PM