[SERVER-13087] Improve audit config flag sanity checks Created: 07/Mar/14  Updated: 13/Aug/16  Resolved: 04/Aug/16

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 2.6.0-rc1
Fix Version/s: 3.3.11

Type: Bug Priority: Major - P3
Reporter: Davide Italiano Assignee: Andreas Nilsson
Resolution: Done Votes: 0
Labels: Auditing
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

uname -a
Linux ip-10-33-128-100 3.4.73-64.112.amzn1.x86_64 #1 SMP Tue Dec 10 01:50:05 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux


Issue Links:
Related
Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: Security (08/08/16), Security 19 (08/29/16)
Participants:

 Description   

It is possible to run mongod specifying --auditPath but not --auditDestination.
This will result in no audit, and should be unallowed to run mongod using these options.

[ec2-user@ip-10-33-128-100 bin]$ ./mongod --auditPath foo.txt --dbpath db

Also, the code already does some checks, e.g. it complains if --auditFormat is not specified while --auditDestination is.

[ec2-user@ip-10-33-128-100 bin]$ ./mongod --auditDestination file --dbpath db
2014-03-07T01:32:16.431+0000 SEVERE: Failed global initialization: BadValue auditLog.format must be specified when auditLog.destination is to a file



 Comments   
Comment by Githook User [ 04/Aug/16 ]

Author:

{u'name': u'Andreas Nilsson', u'email': u'andreas.nilsson@mongodb.com'}

Message: SERVER-13087 Improve audit config flag sanity checks
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/90cba772f6dcb0f0ff084fdecb426d29d70a9099

Generated at Thu Feb 08 03:30:35 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.