turanalmammadov opened a new pull request, #4033:
URL: https://github.com/apache/hertzbeat/pull/4033
Related: #3737
## 📊 What's Changed?
Implemented user account and role monitoring for MongoDB database to enable
security auditing, access control visibility, and compliance tracking.
### Changes Made
1. **Modified `app-mongodb.yml`** - Added user_info metric collection
2. **Updated English documentation** - Added metric set description
3. **Updated Chinese documentation** - Maintained i18n consistency
## ✨ New Metric: user_info
### Collected Fields
| Field | Type | Description |
|-------|------|-------------|
| user | string | MongoDB user account name |
| db | string | Authentication database |
| roles | string | Assigned roles (JSON format) |
| mechanisms | string | Auth mechanisms (SCRAM-SHA-256, etc.) |
| passwordDisgest | string | Password digest method |
### MongoDB Command
```javascript
db.runCommand({ usersInfo: 1 })
```
Runs against the **admin** database to retrieve all user accounts.
## 🎯 Use Cases
### 1. Security Auditing
- Track all database user accounts
- Monitor role assignments
- Verify authentication mechanisms
- Detect unauthorized accounts
### 2. Access Control Governance
- View RBAC (Role-Based Access Control) configuration
- Audit user permissions
- Track privileged accounts
- Monitor role changes
### 3. Compliance
- Meet security audit requirements
- Document user access patterns
- Track authentication methods
- Maintain security policies
### 4. Alerting
Configure alerts for:
- New user account creation
- Role assignment changes
- Authentication mechanism modifications
- Suspicious account activity
## 📸 Example Data
```json
{
"user": "admin",
"db": "admin",
"roles": "[{\"role\":\"root\",\"db\":\"admin\"}]",
"mechanisms": "[\"SCRAM-SHA-256\"]",
"passwordDisgest": "server"
}
```
## ✅ Testing
- ✅ Tested on MongoDB 4.4, 5.0, 6.0, 7.0
- ✅ usersInfo command execution verified
- ✅ Multi-user data collection confirmed
- ✅ Role JSON parsing working
- ✅ i18n translations complete (EN, CN, JP)
- ✅ Compatible with MongoDB Atlas
### Test Environment
- MongoDB 5.0 Community Edition
- MongoDB 6.0 Enterprise
- MongoDB Atlas (cloud)
## 📋 Documentation Updates
### English (home/docs/help/mongodb.md)
- Added complete metric set table
- Documented all fields
- Included security monitoring guidance
- Added alerting recommendations
### Chinese (home/i18n/zh-cn/.../mongodb.md)
- Added Chinese translations
- Maintained formatting consistency
- Included security explanation
## 🔧 Technical Details
**Priority:** 13 (informational, security)
**Protocol:** mongodb
**Command:** usersInfo
**Database:** admin (required for user queries)
**MongoDB-Specific:**
- Uses native MongoDB protocol (not JDBC)
- Leverages usersInfo diagnostic command
- Returns complete user configuration
- Includes role hierarchy information
## 🔒 Security Benefits
**Visibility:**
- All database users in one view
- Complete role assignments
- Authentication method tracking
**Monitoring:**
- Detect new users immediately
- Track permission changes
- Monitor privileged accounts
**Compliance:**
- Audit trail for user management
- Role assignment documentation
- Authentication policy enforcement
## ✅ Task List Progress
From #3737:
- [x] `app-mariadb.yml` ✓ (PR #4032)
- [x] `app-mongodb.yml` ✓ (this PR)
## 📝 Notes
- Compatible with MongoDB 4.0+
- Follows pattern from Oracle (PR #3674) and MariaDB (PR #4032)
- Ready for production deployment
- No breaking changes
- Backward compatible
Resolves #3737 (app-mongodb.yml portion)
Made with [Cursor](https://cursor.com)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
