-
Type: Improvement
-
Resolution: Duplicate
-
Priority: Minor - P4
-
None
-
Affects Version/s: None
-
Component/s: Security
-
None
Hi Security dev team!
I was configuring auditing at my new workplace. The basic idea is:
auditLog: destination: file format: JSON path: /tmp/audit.json filter: '{atype: {$in: [ "authenticate", "authCheck", "renameCollection", "dropCollection", "dropDatabase", "createUser", "dropUser", "dropAllUsersFromDatabase", "updateuser", "grantRolesToUser", "revokeRolesFromUser", "createRole", "updateRole", "dropRole", "dropAllRolesFromDatabase", "grantRolesToRole", "revokeRolesFromRole", "grantPrivilegesToRole", "revokePrivilegesFromRole", "enableSharding", "shardCollection", "addShard", "removeShard", "shutdown", "applicationMessage" ]}}'
Whilst I was doing this I realized for the first time there is no auditing for replSetConfigure actions. So a Naughty DBA could for example execute start a node on their desktop or some useful computer, then rs.add('my_desktop_fqdn:27017'), sync, then 'rs.remove('my_desktop_fqdn:27017'), and they'd have a copy of the data directory without anything appearing in the audit log. It would be in the normal logs, but that's not as hard to cover up.
I couldn't find any existing JIRA tickets that mention this, now that I'm logged in as a public user.
Is there any reason that auditing replSetConfigure actions has been excluded? If not I'd like to request this as an enhancement. (Ideally backported to 3.6 too.)
Cheers from Tokyo,
Akira
- duplicates
-
SERVER-20845 re-add replSetReconfig to auditing suite
- Closed