[
https://issues.apache.org/jira/browse/ACCUMULO-1070?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Philip Young updated ACCUMULO-1070:
-----------------------------------
Attachment: accumulo-1070-1.patch
Here is a patch which addresses the issue:
- It enables Auditing via the AuditedSecurityOperation, which was previously
disabled. It adds AuditedSecurityOperation.getInstance() to allow this to be
instantiated.
- It enables Auditing of various security operations like: scan, rename,
delete tables, bulk import, export, clone, delete range.
- It removes Auditing of some security operations like userAuthenticated -
which we found to cause verbose and redundant auditing
- Audit messages are only generated if the appropriate log level is set, and
if the principal generating the message is non the !SYSTEM user.
- It adds another Translator type for the TColumn type
- It tests more stuff in the AccumuloApp
> Improve the auditing messages that are generated from the server.
> -----------------------------------------------------------------
>
> Key: ACCUMULO-1070
> URL: https://issues.apache.org/jira/browse/ACCUMULO-1070
> Project: Accumulo
> Issue Type: Improvement
> Components: master, tserver
> Affects Versions: 1.4.2
> Reporter: Philip Young
> Assignee: Eric Newton
> Labels: patch, security
> Attachments: accumulo-1070-1.patch
>
> Original Estimate: 168h
> Remaining Estimate: 168h
>
> Auditing of all user interactions, including system administrators, is
> sometimes required by a companies so that they can retrospectively audit user
> interactions after a security breach. Currently, not all user operations on
> the Accumulo server are generating audit messages and if they are, not in a
> consistent manner.
> The audit created in the AuditedSecurityOperations class are not currently
> creating consistent messages when an user passes the operation validation to
> when they fail the operation validation.
> Also, the Scan operations are not being audited and it would be very useful
> to know who has run scans and what those scans were, by including: the
> principal user, the column families, the ranges, etc.
>
> I am intending to address both of these issues and submit a patch in the next
> week.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
