Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-13087

Improve audit config flag sanity checks

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 3.3.11
    • Affects Version/s: 2.6.0-rc1
    • Component/s: Security
    • Environment:
       uname -a
      Linux ip-10-33-128-100 3.4.73-64.112.amzn1.x86_64 #1 SMP Tue Dec 10 01:50:05 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
    • Fully Compatible
    • ALL
    • Security (08/08/16), Security 19 (08/29/16)

      It is possible to run mongod specifying --auditPath but not --auditDestination.
      This will result in no audit, and should be unallowed to run mongod using these options.

      [ec2-user@ip-10-33-128-100 bin]$ ./mongod --auditPath foo.txt --dbpath db
      

      Also, the code already does some checks, e.g. it complains if --auditFormat is not specified while --auditDestination is.

      [ec2-user@ip-10-33-128-100 bin]$ ./mongod --auditDestination file --dbpath db
      2014-03-07T01:32:16.431+0000 SEVERE: Failed global initialization: BadValue auditLog.format must be specified when auditLog.destination is to a file
      

            Assignee:
            andreas.nilsson Andreas Nilsson
            Reporter:
            davide.italiano Davide Italiano
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: