accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "James Mello (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-3939) Accumulo AuditedSecurityOperation is not initialized properly
Date Tue, 21 Jul 2015 13:19:04 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-3939?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14635090#comment-14635090
] 

James Mello commented on ACCUMULO-3939:
---------------------------------------

There is no auditLog.xml in the 1.5.0 version or the 1.5.3 version I'm running. Instead I
set the logging level in the generic_logger.xml to ALL for the following:

  <appender name="AUDIT" class="org.apache.log4j.RollingFileAppender">
     <param name="File"           value="${org.apache.accumulo.core.dir.log}/audit.log"/>
     <param name="MaxFileSize"    value="1000MB"/>
     <param name="MaxBackupIndex" value="10"/>
     <param name="Threshold"      value="ALL"/>
     <layout class="org.apache.log4j.PatternLayout">
       <param name="ConversionPattern" value="%d{ISO8601} [%-8c{2}] %-5p: %m%n"/>
     </layout>
  </appender>

  <logger name="org.apache.accumulo.server.security">
     <level value="ALL"/>
        <appender-ref ref="AUDIT" />
  </logger>

I didn't get any messages for any of the security packages with this configuration.

The full configuration is attached

> Accumulo AuditedSecurityOperation is not initialized properly
> -------------------------------------------------------------
>
>                 Key: ACCUMULO-3939
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-3939
>             Project: Accumulo
>          Issue Type: Bug
>    Affects Versions: 1.5.3
>            Reporter: James Mello
>            Priority: Critical
>              Labels: easyfix
>
> While reading the source I found out that the AuditedSecurityOperation is never initialized
properly.
> The AuditSecurityOperation does not contain a getInstance() static method. This in turn
just calls the SecurityOperation getInstance() method. Because this is called in a static
manner the getInstance(String instanceId, boolean initialize) is called against the SecurityOperation
class not the AuditedSecurityOperation class.
> This should just be a simple fix that adds the getInstance() method to the AuditedSecurityOperation
class.
> This is critical as we are in need of this security auditing to meet Information Assurance
requirements for an upcoming major release of our software.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message