[ 
https://issues.apache.org/jira/browse/HDFS-3535?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13400859#comment-13400859
 ] 

Andy Isaacson commented on HDFS-3535:
-------------------------------------

{quote}
The one audit log that doesn't have a corresponding log for failure is 
logFsckEvent, though given that we get the ugi from the request it seems like 
that case could result in an ACE as well right?
{quote}
The fsck audit event is logged before the fsck command is run, so it can't fail 
to generate the audit event. Also fsck is special in that it's implemented as a 
URL fetch, so I don't think the UGI is enforced.  This is probably a bug, and 
the audit logging will need to be fixed when that bug is fixed.

{quote}
Let's use fooInternal vs fooInt to match the existing "fooInternal" methods
{quote}

That would collide with several existing uses:  concatInternal, 
createSymlinkInternal, startFileInternal, renameToInternal, etc.  I 
specifically chose a suffix not previously used to avoid code churn.  Perhaps a 
different suffix than "Int" would convey this better, LMK if you have any good 
ideas.

{quote}
Normally the checks are used before the method invocation if we're doing 
expensive things to create the args (eg lots of string concatenation) not to 
save the cost of the method invocation. Doesn't look like that's the case here 
(we're not constructing args) so we could just call logAuditEvent directly 
everywhere.
{quote}
There are a bunch of uses of logAuditEvent that do need to check if audit 
logging is enabled before constructing log messages, etc.  I considered 
refactoring them all and concluded that it was out of scope for this change.  I 
decided not to change the existing idiom (verbose though it is) before 
refactoring all users of the interface, which should be a separate change.
                
> audit logging should log denied accesses as well as permitted ones
> ------------------------------------------------------------------
>
>                 Key: HDFS-3535
>                 URL: https://issues.apache.org/jira/browse/HDFS-3535
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>          Components: name-node
>    Affects Versions: 2.0.0-alpha
>            Reporter: Andy Isaacson
>            Assignee: Andy Isaacson
>         Attachments: hdfs-3535-1.txt, hdfs-3535.txt
>
>
> FSNamesystem.java logs an audit log entry when a user successfully accesses 
> the filesystem:
> {code}
>       logAuditEvent(UserGroupInformation.getLoginUser(),
>                     Server.getRemoteIp(),
>                     "concat", Arrays.toString(srcs), target, resultingStat);
> {code}
> but there is no similar log when a user attempts to access the filesystem and 
> is denied due to permissions.  Competing systems do provide such logging of 
> denied access attempts; we should too.
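
Added example, not taken from the HDFS-3535 patch or the Hadoop source: a self-contained Java illustration of the pattern discussed in this thread, where a public method delegates to an `Int`-suffixed method and records a denied access in the audit log before rethrowing. The class name, the permission rule, the `auditEnabled` flag and the log line layout are assumptions made for the illustration.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration; not Hadoop source. All names here are hypothetical
// stand-ins for the FSNamesystem pattern discussed in the thread.
public class AuditDeniedExample {
  static class AccessControlException extends Exception {
    AccessControlException(String msg) { super(msg); }
  }

  static final List<String> AUDIT = new ArrayList<>(); // stand-in for the audit log
  static boolean auditEnabled = true;

  // Constructed line layout: one tab-separated record per access attempt.
  static void logAuditEvent(boolean allowed, String user, String cmd, String src) {
    AUDIT.add("allowed=" + allowed + "\tugi=" + user + "\tcmd=" + cmd + "\tsrc=" + src);
  }

  // Public entry point: delegates to the "Int" method and records a denial
  // before rethrowing, so the caller still sees the exception.
  static void delete(String user, String src) throws AccessControlException {
    try {
      deleteInt(user, src);
    } catch (AccessControlException e) {
      if (auditEnabled) {
        logAuditEvent(false, user, "delete", src);
      }
      throw e;
    }
  }

  // Performs the permission check and logs the permitted case.
  private static void deleteInt(String user, String src) throws AccessControlException {
    if (!src.startsWith("/user/" + user + "/")) { // constructed permission rule
      throw new AccessControlException("Permission denied: user=" + user + ", path=" + src);
    }
    if (auditEnabled) {
      logAuditEvent(true, user, "delete", src);
    }
  }

  public static void main(String[] args) {
    try {
      delete("alice", "/user/alice/tmp/a");   // permitted: allowed=true entry
      delete("alice", "/user/bob/secret");    // denied: allowed=false entry, then rethrown
    } catch (AccessControlException e) {
      System.out.println("caller saw: " + e.getMessage());
    }
    AUDIT.forEach(System.out::println);
  }
}
```

Running `main` leaves two audit entries, one with `allowed=true` and one with `allowed=false`, which is the property a reviewer or detection rule would check for: every attempt, permitted or denied, produces exactly one record.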
