  1. Couchbase Server
  2. MB-34254

[Auditing] Add access denied events (403 or 401)

Details

    • High

    Description

      We should audit access-denied events to detect threats, hackers, and external attacks.

      To aid in diagnosis, it is necessary to keep track of failed attempts in addition to the successful ones.

      N1QL requests from unauthorised users for DML statements such as SELECT, INSERT, UPDATE, DELETE and EXECUTE, and DDL statements such as CREATE, ALTER, DROP, GRANT and REVOKE, need to be audited.

      Attempts to elevate access, such as adding a role, removing a role or modifying the roles for a user via REST, CLI, UI or N1QL, need to be audited, both successful and unsuccessful attempts. Also, any attempts to read user and group privileges via REST, CLI, UI or N1QL need to be audited, both successful and unsuccessful attempts.

            People

              ritam.sharma Ritam Sharma
              ludovic.dufrenoy Ludovic Dufrenoy (Inactive)