[SERVER-55014] KillCursors operation is not audited in legacy mode console Created: 05/Mar/21  Updated: 29/Oct/23  Resolved: 15/Mar/21

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 5.0.0

Type: Bug Priority: Major - P3
Reporter: Sergey Galtsev (Inactive) Assignee: Sergey Galtsev (Inactive)
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PNG File image-2021-03-05-14-12-51-812.png    
Issue Links:
Issue split
split from SERVER-32640 killCursors auditing messages are dup... Closed
Backwards Compatibility: Minor Change
Operating System: ALL
Steps To Reproduce:
  • Start mongod with auditing enabled
  • Prepare a table with some dummy data

    for (let i = 0; i < 100; i++) {
        assert.writeOK(db.audit.insert({ _id: i }));
    }

  • Connect to mongod using console in legacy mode such as:

mongo 127.0.0.1:20000/admin --readMode=legacy --useLegacyWriteOps

  • Execute following code:

            let query = db.audit.find().batchSize(1); 
            query.next();
            query.close();

  • Observe that there is an event "atype=authCheck,command=find", followed by "atype=authCheck,command=endSessions". There is no "atype=authCheck,command=killCursors".
  • Wireshark does demonstrate that there indeed is a killCursors operation:

Sprint: Security 2021-03-22
Participants:

 Comments   
Comment by Githook User [ 15/Mar/21 ]

Author:

{'name': 'Sergey Galtsev', 'email': 'sergey.galtsev@mongodb.com', 'username': 'brushless-glitch'}

Message: SERVER-55014 KillCursors operation is not audited in legacy mode console
Branch: master
https://github.com/mongodb/mongo/commit/1f26769dba862871301c788100e69274af150433

Comment by Githook User [ 15/Mar/21 ]

Author:

{'name': 'Sergey Galtsev', 'email': 'sergey.galtsev@mongodb.com', 'username': 'brushless-glitch'}

Message: SERVER-55014 KillCursors operation is not audited in legacy mode console
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/6f1c4f6356c1b963fe42e0dc8ec20f96f74413f1

Comment by Sergey Galtsev (Inactive) [ 11/Mar/21 ]

https://mongodbcr.appspot.com/758920030
https://mongodbcr.appspot.com/758930009/

Generated at Thu Feb 08 05:35:12 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.