accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Keith Turner (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-1070) Improve the auditing messages that are generated from the server.
Date Fri, 01 Mar 2013 01:49:12 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-1070?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13590168#comment-13590168
] 

Keith Turner commented on ACCUMULO-1070:
----------------------------------------

I am still looking at the patch, but I have few comments.  I will look at it some more tomorrow.

 * Did you intend to include changes to AccumuloApp as part of the patch?
 * the patch enables auditing by default, was this intended?
 * Will be logging binary data,this will be lossy.   For example it will log the columns a
user fetches.  Could consider encoding base64 non-ascii characters, but I am not sure about
this.
 * may be useful to audit credentials.getTokenClassName() in addition to credentials.getPrincipal()

Phillip, I will add you as a contributor on jira and the Accumulo web site.  Send me an email
if you would like your org and timezone set on the web site.


                
> Improve the auditing messages that are generated from the server.
> -----------------------------------------------------------------
>
>                 Key: ACCUMULO-1070
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-1070
>             Project: Accumulo
>          Issue Type: Improvement
>          Components: master, tserver
>    Affects Versions: 1.4.2
>            Reporter: Philip Young
>            Assignee: Eric Newton
>              Labels: patch, security
>         Attachments: accumulo-1070-1.patch, accumulo-1070-2.patch
>
>   Original Estimate: 168h
>  Remaining Estimate: 168h
>
> Auditing of all user interactions, including system administrators, is sometimes required
by a companies so that they can retrospectively audit user interactions after a security breach.
Currently, not all user operations on the Accumulo server are generating audit messages and
if they are, not in a consistent manner. 
> The audit created in the AuditedSecurityOperations class are not currently creating consistent
messages when an user passes the operation validation to when they fail the operation validation.
> Also, the Scan operations are not being audited and it would be very useful to know who
has run scans and what those scans were, by including: the principal user, the column families,
the ranges, etc.
>  
> I am intending to address both of these issues and submit a patch in the next week.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message