[SERVER-60230] MongoDB aduit filter for drop collection can be bypassed Created: 27/Sep/21 Updated: 18/Oct/21 Resolved: 18/Oct/21 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | 4.4.1 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Zhu Eddie | Assignee: | Eric Sedor |
| Resolution: | Duplicate | Votes: | 0 |
| Labels: | Bug | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Operating System: | ALL | ||||||||
| Steps To Reproduce: | 1. Specify the filter in mongodB cofiguration file. }' 2.Open a session, watch for any audit log change: 3.Open another session and login as root 4. Add a new database test 5. Create a collection, as you can see, the audit log will have the relevant entry. 6. Drop a collection, the audit filter also works well. 7. Create the collection again 8.Show Collections 9. Drop database test 10. 11.Show Collections As you can see, after dropping the database, the collection is removed cascadingly without leave any audit entry. |
||||||||
| Participants: | |||||||||
| Description |
|
MongoDB server version: 4.4.1 |
| Comments |
| Comment by Eric Sedor [ 06/Oct/21 ] |
|
This looks like it may have been addressed for standalone nodes MongoDB 5.0, in It sounds like you are seeing this behavior on a standalone node (versus a replica set node), is that right? If so, you should be able to either upgrade to MongoDB 5.0 or run on version 4.4 as a replica set. Does this help? Eric |