[SERVER-11028] shutdown on Audit failure Created: 03/Oct/13 Updated: 10/Jun/22 Resolved: 25/Nov/13 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Logging, Security |
| Affects Version/s: | None |
| Fix Version/s: | 2.5.5 |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Will LaForest | Assignee: | Eric Milkie |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Attachments: |
|
||||||||||||||||||||
| Issue Links: |
|
||||||||||||||||||||
| Participants: | |||||||||||||||||||||
| Case: | (copied to CRM) | ||||||||||||||||||||
| Description |
|
Assuming the completion of We should make it possible to configure MongoDB to shutdown automatically should there be a failure in the auditing system. In many organizations that require auditing for legal or compliance reasons this is a requirements. An example is the DISA STIG:
|
| Comments |
| Comment by Eric Milkie [ 25/Nov/13 ] |
|
Auditing now aborts the process if there is a [detectable] failure writing to the audit log. |
| Comment by Githook User [ 25/Nov/13 ] |
|
Author: {u'username': u'milkie', u'name': u'Eric Milkie', u'email': u'milkie@10gen.com'}Message: |
| Comment by Githook User [ 25/Nov/13 ] |
|
Author: {u'username': u'milkie', u'name': u'Eric Milkie', u'email': u'milkie@10gen.com'}Message: |
| Comment by Eric Milkie [ 14/Nov/13 ] |
|
If the server shuts down upon auditing failure, it follows that one could set up an alert when this happens. Server monitoring would be advisable whether you are using auditing or not, so I imagine that users will typically already have this working. |
| Comment by Mark Helmstetter [ 14/Nov/13 ] |
|
There is another requirement in the DISA STIG that there is an "alert" when there is an audit processing failure. Is there some way that we can also satisfy this requirement? Send an SNMP trap? Attempt to log in the system log or mongodb log? SRG-APP-000108-DB-000048 It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Audit processing failures include: software/hardware errors, failures in the audit capturing mechanisms, and audit storage capacity being reached or exceeded. A failure of database auditing will result in either the database continuing to function without auditing or in a complete halt to database operations. When audit processing fails, appropriate personnel must be alerted immediately to avoid further downtime or unaudited transactions. |