accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Josh Elser (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-3939) Accumulo AuditedSecurityOperation is not initialized properly
Date Tue, 21 Jul 2015 19:26:05 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-3939?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14635671#comment-14635671
] 

Josh Elser commented on ACCUMULO-3939:
--------------------------------------

bq. I'll get a patch in. Just give me a minute to get the patch together.

Great, that's awesome.

bq. Additionally (as a side note) table creation doesn't seem to have an audit
event associated with it. Do you want me to create the appropriate patch
for it too?

Let's do that separately. Step one is going to be making sure that auditing is actually happening.
Step two is expanding the audit scope -- IIRC the auditing we have presently is for security
related operations (permissions, user management, authorizations, etc). Adding in audits for
table management might be sign of a bigger desire to rethink how we do things (which we may
not want to in bug-fix releases). Either way, separate discussion.

> Accumulo AuditedSecurityOperation is not initialized properly
> -------------------------------------------------------------
>
>                 Key: ACCUMULO-3939
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-3939
>             Project: Accumulo
>          Issue Type: Bug
>    Affects Versions: 1.5.3
>            Reporter: James Mello
>            Priority: Critical
>              Labels: easyfix
>         Attachments: generic_logger.xml
>
>
> While reading the source I found out that the AuditedSecurityOperation is never initialized
properly.
> The AuditSecurityOperation does not contain a getInstance() static method. This in turn
just calls the SecurityOperation getInstance() method. Because this is called in a static
manner the getInstance(String instanceId, boolean initialize) is called against the SecurityOperation
class not the AuditedSecurityOperation class.
> This should just be a simple fix that adds the getInstance() method to the AuditedSecurityOperation
class.
> This is critical as we are in need of this security auditing to meet Information Assurance
requirements for an upcoming major release of our software.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message