accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Philip Young (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (ACCUMULO-1070) Improve the auditing messages that are generated from the server.
Date Fri, 22 Feb 2013 21:54:13 GMT

     [ https://issues.apache.org/jira/browse/ACCUMULO-1070?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Philip Young updated ACCUMULO-1070:
-----------------------------------

    Attachment: accumulo-1070-1.patch

Here is a patch which addresses the issue:
-  It enables Auditing via the AuditedSecurityOperation, which was previously disabled.  It
adds AuditedSecurityOperation.getInstance() to allow this to be instantiated.
-  It enables Auditing of various security operations like: scan, rename, delete tables, bulk
import, export, clone, delete range.
-  It removes Auditing of some security operations like userAuthenticated - which we found
to cause verbose and redundant auditing
-  Audit messages are only generated if the appropriate log level is set, and if the principal
generating the message is non the !SYSTEM user.
-  It adds another Translator type for the TColumn type
-  It tests more stuff in the AccumuloApp
                
> Improve the auditing messages that are generated from the server.
> -----------------------------------------------------------------
>
>                 Key: ACCUMULO-1070
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-1070
>             Project: Accumulo
>          Issue Type: Improvement
>          Components: master, tserver
>    Affects Versions: 1.4.2
>            Reporter: Philip Young
>            Assignee: Eric Newton
>              Labels: patch, security
>         Attachments: accumulo-1070-1.patch
>
>   Original Estimate: 168h
>  Remaining Estimate: 168h
>
> Auditing of all user interactions, including system administrators, is sometimes required
by a companies so that they can retrospectively audit user interactions after a security breach.
Currently, not all user operations on the Accumulo server are generating audit messages and
if they are, not in a consistent manner. 
> The audit created in the AuditedSecurityOperations class are not currently creating consistent
messages when an user passes the operation validation to when they fail the operation validation.
> Also, the Scan operations are not being audited and it would be very useful to know who
has run scans and what those scans were, by including: the principal user, the column families,
the ranges, etc.
>  
> I am intending to address both of these issues and submit a patch in the next week.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message