[jira] [Commented] (ACCUMULO-1070) Improve the auditing messages that are generated from the server.

Thu, 07 Mar 2013 08:04:15 -0800 

    [ 
https://issues.apache.org/jira/browse/ACCUMULO-1070?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13595997#comment-13595997
 ] 

Keith Turner commented on ACCUMULO-1070:
----------------------------------------

bq. Can you explain what credentials.getTokenClassName() gives us that would be 
useful for auditing?

[~ctubbsii] or [~vines] may be able to give you a more precises explanation.  
This is all in flux.   Basically, it possible for a user to authenticate 
against a user database in zookeeper or a pluggable authentication system like 
ldap.  I think the token class name may give a clue as to which the user is 
attempting to use.
                
> Improve the auditing messages that are generated from the server.
> -----------------------------------------------------------------
>
>                 Key: ACCUMULO-1070
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-1070
>             Project: Accumulo
>          Issue Type: Improvement
>          Components: master, tserver
>    Affects Versions: 1.4.2
>            Reporter: Philip Young
>            Assignee: Philip Young
>              Labels: patch, security
>             Fix For: 1.6.0
>
>         Attachments: accumulo-1070-1.patch, accumulo-1070-2.patch
>
>   Original Estimate: 168h
>  Remaining Estimate: 168h
>
> Auditing of all user interactions, including system administrators, is 
> sometimes required by a companies so that they can retrospectively audit user 
> interactions after a security breach. Currently, not all user operations on 
> the Accumulo server are generating audit messages and if they are, not in a 
> consistent manner. 
> The audit created in the AuditedSecurityOperations class are not currently 
> creating consistent messages when an user passes the operation validation to 
> when they fail the operation validation.
> Also, the Scan operations are not being audited and it would be very useful 
> to know who has run scans and what those scans were, by including: the 
> principal user, the column families, the ranges, etc.
>  
> I am intending to address both of these issues and submit a patch in the next 
> week.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to