Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-22624

Should there be a audit log for couchbase-cli actions

    XMLWordPrintable

Details

    Description

      • Steps to reproduce
      1. Setup SASLAUTHD with PAM using a local linux user
      2. enable the audit logging
      3. Successfully log into the UI with the PAM user
      4. Fail to log in to the UI using the PAM user
      5. Successfully run a couchbase-cli command using the PAM user 

        /opt/couchbase/bin/couchbase-cli server-list -c localhost:8091 -u patrick -p password

      6. fail to run a couchbae-cli command using the PAM user 

        /opt/couchbase/bin/couchbase-cli server-list -c localhost:8091 -u patrick -p badword

      • Problem
        When I review the audit logs it only has the actions from the UI and not from couchbase-cli
      • Expected behaviour
        I expect all admin actions to be logged no matter whether they came from the UI or couchbase-cli, but it only has the UI actions: 

        {"timestamp":"2017-02-03T16:55:32.854691Z","real_userid":{"source":"internal","user":"couchbase"},"auditd_enabled":true,"descriptors_path":"/opt/couchbase/etc/security","hostname":"","log_path":"/opt/couchbase/var/lib/couchbase/logs","rotate_interval":86400,"version":1,"id":4096,"name":"configured audit daemon","description":"loaded configuration file for audit daemon"}
        		 
        {"timestamp":"2017-02-03T16:55:33.457698Z","real_userid":{"source":"internal","user":"couchbase"},"auditd_enabled":true,"descriptors_path":"/opt/couchbase/etc/security","hostname":"node1-cb451-centos7.vagrants","log_path":"/opt/couchbase/var/lib/couchbase/logs","rotate_interval":86400,"version":1,"id":4096,"name":"configured audit daemon","description":"loaded configuration file for audit daemon"}
        		 
        {"roles":["admin"],"real_userid":{"source":"saslauthd","user":"patrick"},"sessionid":"4444981a6baadf4351d3732070df8909","remote":{"ip":"10.112.151.1","port":51635},"timestamp":"2017-02-03T17:02:10.279Z","id":8192,"name":"login success","description":"Successful login to couchbase cluster"}
        		 
        {"real_userid":{"source":"rejected","user":"patrick"},"remote":{"ip":"10.112.151.1","port":51638},"timestamp":"2017-02-03T17:02:22.845Z","id":8193,"name":"login failure","description":"Unsuccessful attempt to login to couchbase cluster"}
        		 
        {"timestamp":"2017-02-03T17:02:40.002790Z","real_userid":{"source":"internal","user":"couchbase"},"id":4097,"name":"shutting down audit daemon","description":"The audit daemon is being shutdown"}

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            istvan.orban Istvan Orban
            pvarley Patrick Varley (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:

              Gerrit Reviews

                There are no open Gerrit changes

                PagerDuty