Details
Description
PRD for system event logs says:
Usernames, Passwords, Certificates, Document IDs, Document Keys and Values, Email Addresses and other sensitive data are absolutely not allowed to be stored in the System Event Log.
|
And trying to enable saslauthd with some fake sasl users generates the event with users un-redacted.
{"timestamp":"2022-01-12T11:14:15.001Z","event_id":9221,"component":"security","description":"sasldauth config changed","severity":"info","node":"172.23.136.112","otp_node":"ns_1@172.23.136.112","uuid":"b67a775c-29ef-40d6-9e3c-8c42e7f6893d","extra_attributes":{"old_settings":{"enabled":false,"admins":[],"roAdmins":[]},"new_settings":{"enabled":true,"admins":["alice,barry"],"roAdmins":["clair,daniel"]}}}]
|
(I do not know if sasl users qualify to the restriction put above in the PRD.)