[SERVER-59937] Verify the encrypted audit log IVs have correct sequence Created: 14/Sep/21 Updated: 29/Oct/23 Resolved: 15/Oct/21 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 5.1.0-rc0 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Erwin Pe | Assignee: | Erwin Pe |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Backwards Compatibility: | Fully Compatible |
| Sprint: | Security 2021-09-20, Security 2021-10-04, Security 2021-10-18 |
| Participants: |
| Description |
|
The audit log encryption feature uses an incrementing IV counter when encrypting each log line. This counter serves as an integrity check on the sequence of log lines, so that we can verify that no lines have been removed or swapped in the middle of the audit log file. mongoauditdecrypt should have a way of checking that the IVs increase monotonically by 1 every time it decrypts a log line, and fail when a log line does not have the expected IV. |
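A minimal sketch of the check described above, added here as an example and not taken from mongoauditdecrypt. It assumes each record's IV is 12 bytes read as one big-endian counter; `verify_iv_sequence`, `IVSequenceError`, `first_expected` and the sample IVs are hypothetical names and constructed data.

```python
IV_LEN = 12  # assumption: 96-bit IV read as one big-endian counter


class IVSequenceError(Exception):
    """A record's IV is not the previous record's IV plus one."""

    def __init__(self, line_no, expected, actual):
        self.line_no, self.expected, self.actual = line_no, expected, actual
        # A jump forward means lines are missing; a step back or a repeat
        # means a line was reordered or duplicated.
        self.kind = "gap" if actual > expected else "reused-or-reordered"
        super().__init__(
            f"line {line_no}: expected IV {expected}, got {actual} ({self.kind})"
        )


def iv_to_int(iv: bytes) -> int:
    if len(iv) != IV_LEN:
        raise ValueError(f"IV must be {IV_LEN} bytes, got {len(iv)}")
    return int.from_bytes(iv, "big")


def verify_iv_sequence(ivs, first_expected=None):
    """Return the number of lines checked; raise at the first bad IV.

    first_expected (hypothetical parameter) pins the IV of line 1; without
    it the first line is trusted and only relative order is checked.
    """
    expected, checked = first_expected, 0
    for line_no, iv in enumerate(ivs, start=1):
        actual = iv_to_int(iv)
        if expected is not None and actual != expected:
            raise IVSequenceError(line_no, expected, actual)
        expected = actual + 1
        checked += 1
    return checked


def make_ivs(start, count):
    """Constructed sample data: `count` consecutive IVs beginning at `start`."""
    return [(start + i).to_bytes(IV_LEN, "big") for i in range(count)]


if __name__ == "__main__":
    log = make_ivs(100, 5)
    print("intact log, lines verified:", verify_iv_sequence(log))
    try:
        verify_iv_sequence(log[:2] + log[3:])  # third line removed
    except IVSequenceError as err:
        print("rejected:", err)
```

A counter check of this shape cannot by itself see lines dropped from the end of the file, or from the start unless the expected first IV is supplied.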
| Comments |
| Comment by Githook User [ 15/Oct/21 ] |
|
Author: {'name': 'Erwin Pe', 'email': 'erwin.pe@mongodb.com', 'username': 'erwee'} Message: |