[SERVER-36172] Audit logging for replSetConfigure actions Created: 18/Jul/18 Updated: 15/Nov/21 Resolved: 18/Jul/18 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Minor - P4 |
| Reporter: | 章 黒鉄 | Assignee: | DO NOT USE - Backlog - Platform Team |
| Resolution: | Duplicate | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Participants: | |||||||||
| Description |
|
Hi Security dev team! I was configuring auditing at my new workplace. The basic idea is:
Whilst I was doing this I realized for the first time there is no auditing for replSetConfigure actions. So a Naughty DBA could for example execute start a node on their desktop or some useful computer, then rs.add('my_desktop_fqdn:27017'), sync, then 'rs.remove('my_desktop_fqdn:27017'), and they'd have a copy of the data directory without anything appearing in the audit log. It would be in the normal logs, but that's not as hard to cover up. I couldn't find any existing JIRA tickets that mention this, now that I'm logged in as a public user. Is there any reason that auditing replSetConfigure actions has been excluded? If not I'd like to request this as an enhancement. (Ideally backported to 3.6 too.) Cheers from Tokyo, Akira |
| Comments |
| Comment by 章 黒鉄 [ 18/Jul/18 ] |
Ah. I was thinking the audit module "System events" were basically named after the priviliges actions (doc page) which is why I thought the currently non-existent audit action for this would be tied to "replSetConfigure". Command names make sense too though. Anyhow I'll whack this request into |
| Comment by Eric Milkie [ 18/Jul/18 ] |
|
I believe this is |
| Comment by 章 黒鉄 [ 18/Jul/18 ] |
|
Hi Ramon. Sorry to ping you in the middle of your night! Yep, enjoying Tokyo, and please let the platform team know I appreciate their help. No time crunch for this on my side b.t.w. Cheers, Akira |
| Comment by Ramon Fernandez Marina [ 18/Jul/18 ] |
|
Hi akira!! I can't find a SERVER ticket that mentions this so I'm sending this to the Platform team for evaluation. Best of luck on your Tokyo adventure! Cheers, |