Feature #54564
openChanges to auth_allow_insecure_global_id_reclaim are not in the audit log
0%
Description
I expect that all setting changes will show up in the audit log (based on https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/3/html-single/data_security_and_hardening_guide/index#auditing-administrator-actions-security). However, this setting doesn't show up there.
The impact was that our monitoring started showing warnings after a coworker set that setting to true. I spent a couple of hours trying to understand how it got flipped from false, which is the default in our deployments. It would have been great help to see it in the audit log, but even worse, when I didn't see it there I assumed the change was coming from somewhere else.
Once I know what was going on, I was able to find the setting change in the /var/log/ceph/ceph-mon.* log files for a different Ceph node than the one I was logged on. The advantage of the audit log is that it's the same in all nodes.
Updated by Venky Shankar about 2 years ago
- Project changed from CephFS to RADOS
- Assignee set to Neha Ojha
Neha - changing component to RADOS.
Updated by Neha Ojha about 2 years ago
- Tracker changed from Bug to Feature
- Assignee deleted (
Neha Ojha) - Tags set to low-hanging-fruit
Updated by Laura Flores almost 2 years ago
- Translation missing: en.field_tag_list set to low-hanging-fruit