  1. Couchbase Server
  2. MB-15170

[Security] Incorrect audit messages logged for account creation

Details

    • Bug
    • Resolution: Won't Fix
    • Critical
    • 4.0.0
    • 4.0.0
    • ns_server
    • Security Level: Public
    • None
    • CentOS 6
    • Untriaged
    • Unknown

    Description

      Build - 4.0.0-2213

      Steps performed -
      1. Cluster of 6 nodes with different services running
      2. Enabled "Audit configuration" logging /opt/couchbase/var/lib/couchbase/logs
      3. Deleted existing XDCR replication
      4. Created new Read-Only user account

      Expected on audit.log file -

      • log for deleted replication [Success]
      • log for new account read-only user [Failed]

      Here are the logs:
      {"timestamp":"2015-05-27T17:05:51.649358-07:00","real_userid":{"source":"internal","user":"couchbase"},"auditd_enabled":true,"descriptors_path":"/opt/couchbase/etc/security","hostname":"cranberry-h21220","log_path":"/opt/couchbase/var/lib/couchbase/logs","rotate_interval":86400,"version":1,"id":4096,"name":"configured audit daemon","description":"loaded configuration file for audit daemon"}
      {"timestamp":"2015-05-27T17:05:56.148-07:00","real_userid":{"source":"builtin","user":"Administrator"},"local_cluster_name":"10.5.2.237:8091","source_bucket_name":"default","remote_cluster_name":"NYC_DC","target_bucket_name":"default","id":16390,"name":"replication cancellation","description":"canceled replication"}
      {"timestamp":"2015-05-27T17:05:57.815-07:00","real_userid":{"source":"builtin","user":"Administrator"},"local_cluster_name":"10.5.2.237:8091","source_bucket_name":"travel-sample","remote_cluster_name":"NYC_DC","target_bucket_name":"airline","id":16390,"name":"replication cancellation","description":"canceled replication"}
      {"timestamp":"2015-05-27T17:05:59.632-07:00","real_userid":{"source":"builtin","user":"Administrator"},"local_cluster_name":"10.5.2.237:8091","source_bucket_name":"travel-sample","remote_cluster_name":"NYC_DC","target_bucket_name":"airport","id":16390,"name":"replication cancellation","description":"canceled replication"}
      {"timestamp":"2015-05-27T17:06:01.204-07:00","real_userid":{"source":"builtin","user":"Administrator"},"local_cluster_name":"10.5.2.237:8091","source_bucket_name":"default","remote_cluster_name":"NYC_DC","target_bucket_name":"test_filter","id":16390,"name":"replication cancellation","description":"canceled replication"}
      {"userid":"ro_user","role":"ro_admin","real_userid":{"source":"ns_server","user":"Administrator"},"sessionid":"e29e21ddc03105c8ae7b19fd6f52e12c","remote":{"ip":"10.17.2.103","port":63055},"timestamp":"2015-05-27T17:06:37.923-07:00","id":8195,"name":"user credentials change","description":"User credentials were changed"}

      Expected:

      {"userid":"ro_user","role":"ro_admin","real_userid":{"source":"ns_server","user":"Administrator"},"sessionid":"e29e21ddc03105c8ae7b19fd6f52e12c","remote":{"ip":"10.17.2.103","port":63055},"timestamp":"2015-05-27T17:06:37.923-07:00","id":8195,"name":"new ro_user user created","description":"Read-Only account created"}
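Added example, not part of the original report and not Couchbase code: since the read-only account creation above is recorded under id 8195 with the name "user credentials change", a log monitor can key on the id and treat the first such event seen for a userid as a probable account creation. The first-seen rule, the function name `classify_credential_events` and the `known_users` parameter are assumptions of this example.

```python
import json

# Event id as it appears in the report's log excerpt.
CREDENTIAL_EVENT_ID = 8195

SAMPLE_LOG = "\n".join([
    # Copied from the report: a replication cancellation (ignored below).
    '{"timestamp":"2015-05-27T17:06:01.204-07:00","real_userid":{"source":"builtin","user":"Administrator"},"local_cluster_name":"10.5.2.237:8091","source_bucket_name":"default","remote_cluster_name":"NYC_DC","target_bucket_name":"test_filter","id":16390,"name":"replication cancellation","description":"canceled replication"}',
    # Copied from the report: the read-only account creation as actually logged.
    '{"userid":"ro_user","role":"ro_admin","real_userid":{"source":"ns_server","user":"Administrator"},"sessionid":"e29e21ddc03105c8ae7b19fd6f52e12c","remote":{"ip":"10.17.2.103","port":63055},"timestamp":"2015-05-27T17:06:37.923-07:00","id":8195,"name":"user credentials change","description":"User credentials were changed"}',
    # Constructed: a later credential change for the same account.
    '{"userid":"ro_user","role":"ro_admin","real_userid":{"source":"ns_server","user":"Administrator"},"sessionid":"00000000000000000000000000000000","remote":{"ip":"10.17.2.103","port":63060},"timestamp":"2015-05-27T18:00:00.000-07:00","id":8195,"name":"user credentials change","description":"User credentials were changed"}',
    # Constructed: a truncated line, as left behind by an interrupted write.
    '{"timestamp":"2015-05-27T18:00:01',
])


def classify_credential_events(log_text, known_users=()):
    """Label each id-8195 event as a probable creation or a later change.

    Assumption of this example: a userid not seen before (and not listed in
    known_users) is being created. The audit record itself does not say so.
    """
    seen = set(known_users)
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            # Surface damaged audit lines instead of silently dropping them.
            findings.append({"line": lineno, "kind": "unparseable"})
            continue
        if not isinstance(event, dict) or event.get("id") != CREDENTIAL_EVENT_ID:
            continue
        user = event.get("userid")
        kind = "credential_change" if user in seen else "probable_account_creation"
        seen.add(user)
        findings.append({
            "line": lineno, "kind": kind, "userid": user,
            "role": event.get("role"),
            "actor": (event.get("real_userid") or {}).get("user"),
            "remote_ip": (event.get("remote") or {}).get("ip"),
            "timestamp": event.get("timestamp"),
        })
    return findings


if __name__ == "__main__":
    for finding in classify_credential_events(SAMPLE_LOG):
        print(finding)
```

Seeding `known_users` from the cluster's current account list keeps a restart of the monitor from reporting every existing account as newly created.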

          People

            djp Don Pinto [X] (Inactive)
            anil Anil Kumar (Inactive)