accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Philip Young (JIRA)" <>
Subject [jira] [Commented] (ACCUMULO-1070) Improve the auditing messages that are generated from the server.
Date Thu, 07 Mar 2013 06:12:12 GMT


Philip Young commented on ACCUMULO-1070:

Thanks for looking over the patch Keith. We are back at work now, so should be able to make
any changes necessary.

I will update the patch to:
 - have the auditing disabled by default (i don't think that it should be on unless you want
 - The changes to AccumuloApp do not need to be updated, but it won't hurt if it does.
 - I will look into the logging of binary data.
 - We will add a section to the documentation explaining the audit feature and how to enable/disable.

Can you explain what credentials.getTokenClassName() gives us that would be useful for auditing?

> Improve the auditing messages that are generated from the server.
> -----------------------------------------------------------------
>                 Key: ACCUMULO-1070
>                 URL:
>             Project: Accumulo
>          Issue Type: Improvement
>          Components: master, tserver
>    Affects Versions: 1.4.2
>            Reporter: Philip Young
>            Assignee: Philip Young
>              Labels: patch, security
>             Fix For: 1.6.0
>         Attachments: accumulo-1070-1.patch, accumulo-1070-2.patch
>   Original Estimate: 168h
>  Remaining Estimate: 168h
> Auditing of all user interactions, including system administrators, is sometimes required
by a companies so that they can retrospectively audit user interactions after a security breach.
Currently, not all user operations on the Accumulo server are generating audit messages and
if they are, not in a consistent manner. 
> The audit created in the AuditedSecurityOperations class are not currently creating consistent
messages when an user passes the operation validation to when they fail the operation validation.
> Also, the Scan operations are not being audited and it would be very useful to know who
has run scans and what those scans were, by including: the principal user, the column families,
the ranges, etc.
> I am intending to address both of these issues and submit a patch in the next week.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message