Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Critical
Fix Version/s: 7.1.0
Affects Version/s: 7.1.0
Component/s: ns_server
Labels:
None
Environment:
Centos 7 64 bit; CB EE 7.1.0-2036

Story Points:
1

Description

PRD for system event logs says:

Usernames, Passwords, Certificates, Document IDs, Document Keys and Values, Email Addresses and other sensitive data are absolutely not allowed to be stored in the System Event Log.

And trying to enable saslauthd with some fake sasl users generates the event with users un-redacted.

{"timestamp":"2022-01-12T11:14:15.001Z","event_id":9221,"component":"security","description":"sasldauth config changed","severity":"info","node":"172.23.136.112","otp_node":"ns_1@172.23.136.112","uuid":"b67a775c-29ef-40d6-9e3c-8c42e7f6893d","extra_attributes":{"old_settings":{"enabled":false,"admins":[],"roAdmins":[]},"new_settings":{"enabled":true,"admins":["alice,barry"],"roAdmins":["clair,daniel"]}}}]

(I do not know if sasl users qualify to the restriction put above in the PRD.)

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Hareen Kancharla

Reporter:: Sumedh Basarkod (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 12/Jan/22 3:29 AM

Updated:: 19/Jan/22 3:08 PM

Resolved:: 19/Jan/22 1:32 PM

Gerrit Reviews

There are no open Gerrit changes

Show There is 1 closed Gerrit change

Hide There is 1 closed Gerrit change

MB-50356: Redact sasl users in event log: Gerrit Review:

SASL users can get printed in system event log

Details

Description

Attachments

Gerrit Reviews

Activity

People

Dates

Gerrit Reviews

PagerDuty