Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-55014

KillCursors operation is not audited in legacy mode console

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 5.0.0
    • Affects Version/s: None
    • Component/s: None
    • None
    • Minor Change
    • ALL
    • Hide
      • Start mongod with auditing enabled
      • Prepare a table with some dummy data
          for (let i = 0; i < 100; i++) {
              assert.writeOK(db.audit.insert({ _id: i }));
          }
      
      • Connect to mongod using console in legacy mode such as:
      mongo 127.0.0.1:20000/admin --readMode=legacy --useLegacyWriteOps
      
      • Execute following code:
                  let query = db.audit.find().batchSize(1); 
                  query.next();
                  query.close();
      
      • Observe that there is an event "atype=authCheck,command=find", followed by "atype=authCheck,command=endSessions". There is no "atype=authCheck,command=killCursors".
      • Wireshark does demonstrate that there indeed is a killCursors operation:

      Show
      Start mongod with auditing enabled Prepare a table with some dummy data for (let i = 0; i < 100; i++) { assert .writeOK(db.audit.insert({ _id: i })); } Connect to mongod using console in legacy mode such as: mongo 127.0.0.1:20000/admin --readMode=legacy --useLegacyWriteOps Execute following code: let query = db.audit.find().batchSize(1); query.next(); query.close(); Observe that there is an event "atype=authCheck,command=find", followed by "atype=authCheck,command=endSessions". There is no "atype=authCheck,command=killCursors". Wireshark does demonstrate that there indeed is a killCursors operation:
    • Security 2021-03-22

          Assignee:
          sergey.galtsev@mongodb.com Sergey Galtsev (Inactive)
          Reporter:
          sergey.galtsev@mongodb.com Sergey Galtsev (Inactive)
          Votes:
          0 Vote for this issue
          Watchers:
          1 Start watching this issue

            Created:
            Updated:
            Resolved: