Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-50336

System event is missing when audit settings are modified by disabling audit for an user

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Major
    • 7.1.0
    • 7.1.0
    • ns_server
    • Centos 7 64 bit; CB EE 7.1.0-2036

    Description

      Summary:
      When a user modifies audit settings along with disabling audit events for a user, the corresponding system event is not logged.

      Steps to Repro
      1. Create a 2 node KV cluster with nodes: 172.23.136.108, 172.23.136.111
      2. Create a local user "myuser".
      3. Start event streaming to observe the latest events logged.

      curl -v -u Administrator:password http://172.23.136.112:8091/eventsStreaming

      4. Enable audit. The corresponding security event is logged as expected

      {"timestamp":"2022-01-11T15:43:53.213Z","event_id":9216,"component":"security","description":"Audit enabled","severity":"info","node":"172.23.136.111","otp_node":"ns_1@172.23.136.111","uuid":"eef95ba5-8ae4-44f6-a253-54b610ad1c01","extra_attributes":{"new_settings":{"enabled_audit_ids":[8243,8257,8265,20480,20482,20483,20492,20494,32768,32769,32773,32774,32775,32776,32777,32778,32779,32781,32784,32789,32790,32791,32792,32794,32797,36865,36866,40960,40961,40962,40964,40966,45056,45058,45059,45060,45062,45063,45064,45065,45067,45068,45069,45071,45072,45073,45074],"log_path":"/opt/couchbase/var/lib/couchbase/logs","rotate_interval":86400,"rotate_size":20971520}}}]

      5. Now modify the audit settings by enabling "read document" audit event and disabling the audit events for user "myuser". Observe the eventStreaming api. No event for "audit configuration changed" is logged. (The only events that I see logged here are from view engine as event " View engine settings modified", but that leaks the username for which I opened MB-50302

      But on a different cluster, I tried the 5th step without disabling the audit events for user , and I see the event getting logged fine. 

      ,{"timestamp":"2022-01-11T15:48:02.074Z","event_id":9218,"component":"security","description":"Audit configuration changed","severity":"info","node":"172.23.136.112","otp_node":"ns_1@172.23.136.112","uuid":"737d476c-264a-4cc4-a3b6-f1ac12ce495c","extra_attributes":{"old_settings":{"disabled_users":[],"enabled_audit_ids":[8243,8257,8265,20480,20482,20483,20492,20494,32768,32769,32773,32774,32775,32776,32777,32778,32779,32781,32784,32789,32790,32791,32792,32794,32797,36865,36866,40960,40961,40962,40964,40966,45056,45058,45059,45060,45062,45063,45064,45065,45067,45068,45069,45071,45072,45073,45074],"log_path":"/opt/couchbase/var/lib/couchbase/logs","rotate_interval":86400,"rotate_size":20971520,"sync":[]},"new_settings":{"enabled_audit_ids":[8243,8255,8257,8265,20480,20482,20483,20492,20494,32768,32769,32773,32774,32775,32776,32777,32778,32779,32781,32784,32789,32790,32791,32792,32794,32797,36865,36866,40960,40961,40962,40964,40966,45056,45058,45059,45060,45062,45063,45064,45065,45067,45068,45069,45071,45072,45073,45074],"log_path":"/opt/couchbase/var/lib/couchbase/logs","rotate_interval":86400,"rotate_size":20971520}}}

       

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            hareen.kancharla Hareen Kancharla
            sumedh.basarkod Sumedh Basarkod (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes

                PagerDuty