[
https://issues.apache.org/jira/browse/HBASE-27528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17646262#comment-17646262
]
Bryan Beaudreault commented on HBASE-27528:
-------------------------------------------
I think enabling the AccessController coprocessor would give you this, among
other potential ACL enforcements. I actually wonder if the logging should be
removed from MasterRpcServices to further unify things in one place
(AccessController).
> Add audit logs in MasterRpcServices
> -----------------------------------
>
> Key: HBASE-27528
> URL: https://issues.apache.org/jira/browse/HBASE-27528
> Project: HBase
> Issue Type: Improvement
> Components: logging, master, rpc, security
> Reporter: Beibei Zhao
> Priority: Major
>
> MasterRpcServices records audit logs for privileged operations (grant, revoke)
> and vital APIs like "execMasterService".
>
> {code:java}
> public ClientProtos.CoprocessorServiceResponse execMasterService(final RpcController controller,
> ......
>     String remoteAddress = RpcServer.getRemoteAddress().map(InetAddress::toString).orElse("");
>     User caller = RpcServer.getRequestUser().orElse(null);
>     AUDITLOG.info("User {} (remote address: {}) master service request for {}.{}", caller,
>       remoteAddress, serviceName, methodName);
>     return CoprocessorRpcUtils.getResponse(execResult, HConstants.EMPTY_BYTE_ARRAY);
>   } catch (IOException ie) {
>     throw new ServiceException(ie);
>   }
> }
> {code}
> There are many "write" operations like "deleteTable" which may cause
> security problems and should also record an audit log.
> {code:java}
> public DeleteTableResponse deleteTable(RpcController controller, DeleteTableRequest request)
>   throws ServiceException {
>   try {
>     long procId = server.deleteTable(ProtobufUtil.toTableName(request.getTableName()),
>       request.getNonceGroup(), request.getNonce());
>     // an audit log is required here.
>     return DeleteTableResponse.newBuilder().setProcId(procId).build();
>   } catch (IOException ioe) {
>     throw new ServiceException(ioe);
>   }
> }
> {code}
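The following is an added, standalone Java sketch (not HBase code and not part of the issue) of the audit line the description asks for in deleteTable, using the same "User ... (remote address: ...)" layout that execMasterService already emits. The User class, Master interface, AUDIT list and audit() helper are stand-ins constructed for the example; in MasterRpcServices the caller and address would come from RpcServer.getRequestUser() and RpcServer.getRemoteAddress() as in the quoted snippet, and the sink would be AUDITLOG. The example also logs the failure path, so that a delete which throws is still attributable to the caller who requested it.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;

/** Constructed example: audit logging for a master "write" RPC such as deleteTable. */
public final class DeleteTableAuditExample {

  /** Minimal stand-in for org.apache.hadoop.hbase.security.User (hypothetical). */
  static final class User {
    private final String name;
    User(String name) { this.name = name; }
    @Override public String toString() { return name; }
  }

  /** Captured audit lines; in HBase these would go to the AUDITLOG logger. */
  static final List<String> AUDIT = new ArrayList<>();

  /**
   * One shared audit sink for every privileged master RPC, mirroring the
   * message layout used by execMasterService so log consumers parse one shape.
   */
  static void audit(Optional<User> caller, Optional<String> remoteAddress,
      String operation, String detail) {
    AUDIT.add(String.format("User %s (remote address: %s) %s %s",
        caller.map(User::toString).orElse("unknown"),
        remoteAddress.orElse(""), operation, detail));
  }

  /** Stand-in for the master's deleteTable: returns a procedure id or throws (hypothetical). */
  interface Master {
    long deleteTable(String table) throws IOException;
  }

  /**
   * Shape of MasterRpcServices#deleteTable with the missing audit line filled in.
   * Log after the procedure is submitted (so the procId is available) and on
   * failure, so denied or failed deletes are attributable as well.
   */
  static long deleteTable(Master server, String table,
      Optional<User> caller, Optional<String> remoteAddress) throws IOException {
    try {
      long procId = server.deleteTable(table);
      audit(caller, remoteAddress, "delete table", table + " (procId=" + procId + ")");
      return procId;
    } catch (IOException ioe) {
      audit(caller, remoteAddress, "delete table FAILED", table + ": " + ioe.getMessage());
      throw ioe;
    }
  }

  public static void main(String[] args) {
    Optional<User> alice = Optional.of(new User("alice"));
    Optional<String> addr = Optional.of("10.0.0.5");  // constructed sample address

    // Success path: the stand-in master returns a procedure id.
    Master okMaster = table -> 42L;
    try {
      deleteTable(okMaster, "ns:orders", alice, addr);
    } catch (IOException e) {
      throw new AssertionError("unexpected", e);
    }

    // Failure path: the stand-in master refuses; the audit line still names the caller.
    Master failingMaster = table -> { throw new IOException("table is enabled"); };
    try {
      deleteTable(failingMaster, "ns:orders", Optional.empty(), addr);
    } catch (IOException expected) {
      // swallowed for the demo; the RPC layer would wrap it in ServiceException
    }

    AUDIT.forEach(System.out::println);
  }
}
```

The audit call sits after server.deleteTable returns so the line can carry the procedure id that later ties the request to the procedure's own log entries; placing a second call in the catch block keeps a failed or rejected request from disappearing from the audit trail.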
--
This message was sent by Atlassian Jira
(v8.20.10#820010)