On Tue, Jan 28, 2025 at 7:56 AM Anakien Skywalker <[email protected]> wrote:
> Hello,
>
> I have checked source code, and found the user id is generated randomly
> using some prefix.
>

They are random. I do not believe there is any common prefix - it is just a UUID.

> This is not so good for audit logs. Maybe someone from guacamole
> maintainers could look into it?
>
> On Tue, Dec 10, 2024 at 23:43, Anakien Skywalker <[email protected]> wrote:
>
>> Hello,
>>
>> Thank you Peter for such detailed analysis.
>>
>> I would like to add a few comments:
>>
>> Any logging application (promtail, fluentd etc) attaches timestamp
>> without any problem.
>>
>> Timestamp itself can't be the source of truth since when guacamole is
>> used by multiple users at the same time it is impossible to match the
>> events.
>>
>> Internal connections history is nice. But from a security perspective the
>> last source of truth usually is logging.
>>

There is no direct link or mapping between the UUIDs generated for users and connections in guacd and those used by Guacamole Client - indeed, guacd has no direct knowledge of the user accounts present in the client. There is an open feature request for adding some linkage between guacd's generated UUIDs and the client; however, nothing has been done on it, yet:

https://issues.apache.org/jira/browse/GUACAMOLE-752

Finally, I'll mention that, if auditing is important to you, you can use connection recording with the history recording extension to more directly link sessions between the client and guacd:

https://guacamole.apache.org/doc/gug/recording-playback.html

-Nick
