Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Logfile audit settings validation #52537

Merged
merged 3 commits into from Feb 24, 2020
Merged

Logfile audit settings validation #52537

merged 3 commits into from Feb 24, 2020

Conversation

albertzaharovits
Copy link
Contributor

@albertzaharovits albertzaharovits commented Feb 19, 2020
edited

Add validation for the following logfile audit settings:

  • xpack.security.audit.logfile.events.include
  • xpack.security.audit.logfile.events.exclude
  • xpack.security.audit.logfile.events.ignore_filters.*.users
  • xpack.security.audit.logfile.events.ignore_filters.*.realms
  • xpack.security.audit.logfile.events.ignore_filters.*.roles
  • xpack.security.audit.logfile.events.ignore_filters.*.indices

Closes #52357
Relates #47711 #47038
Follows the example from #47246

@albertzaharovits albertzaharovits self-assigned this Feb 19, 2020
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-security (:Security/Audit)

tvernum
tvernum approved these changes Feb 21, 2020
View reviewed changes
Copy link
Contributor

@tvernum tvernum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@albertzaharovits albertzaharovits merged commit aa01487 into elastic:master Feb 24, 2020
@albertzaharovits albertzaharovits deleted the logging-audit-trail-bug branch February 24, 2020 10:30
@albertzaharovits albertzaharovits mentioned this pull request Feb 24, 2020
Merged
albertzaharovits added a commit to albertzaharovits/elasticsearch that referenced this pull request Feb 24, 2020
@albertzaharovits
Logfile audit settings validation (elastic#52537)
ec255ec 
Add validation for the following logfile audit settings:

    xpack.security.audit.logfile.events.include
    xpack.security.audit.logfile.events.exclude
    xpack.security.audit.logfile.events.ignore_filters.*.users
    xpack.security.audit.logfile.events.ignore_filters.*.realms
    xpack.security.audit.logfile.events.ignore_filters.*.roles
    xpack.security.audit.logfile.events.ignore_filters.*.indices

Closes elastic#52357
Relates elastic#47711 elastic#47038
Follows the example from elastic#47246
@albertzaharovits albertzaharovits mentioned this pull request Feb 24, 2020
Merged
albertzaharovits added a commit to albertzaharovits/elasticsearch that referenced this pull request Feb 24, 2020
@albertzaharovits
Logfile audit settings validation (elastic#52537)
a7da064 
Add validation for the following logfile audit settings:

    xpack.security.audit.logfile.events.include
    xpack.security.audit.logfile.events.exclude
    xpack.security.audit.logfile.events.ignore_filters.*.users
    xpack.security.audit.logfile.events.ignore_filters.*.realms
    xpack.security.audit.logfile.events.ignore_filters.*.roles
    xpack.security.audit.logfile.events.ignore_filters.*.indices

Closes elastic#52357
Relates elastic#47711 elastic#47038
Follows the example from elastic#47246
@albertzaharovits albertzaharovits mentioned this pull request Feb 24, 2020
Closed
albertzaharovits added a commit that referenced this pull request Feb 24, 2020
@albertzaharovits
Logfile audit settings validation (#52537)
c2678ac 
Add validation for the following logfile audit settings:

    xpack.security.audit.logfile.events.include
    xpack.security.audit.logfile.events.exclude
    xpack.security.audit.logfile.events.ignore_filters.*.users
    xpack.security.audit.logfile.events.ignore_filters.*.realms
    xpack.security.audit.logfile.events.ignore_filters.*.roles
    xpack.security.audit.logfile.events.ignore_filters.*.indices

Closes #52357
Relates #47711 #47038
Follows the example from #47246
@albertzaharovits
Copy link
Contributor Author

There is no list setting validator in the 6.8 code branch, so avoiding backport for now.

albertzaharovits added a commit that referenced this pull request Feb 24, 2020
@albertzaharovits
Logfile audit settings validation (#52537)
33131e2 
Add validation for the following logfile audit settings:

    xpack.security.audit.logfile.events.include
    xpack.security.audit.logfile.events.exclude
    xpack.security.audit.logfile.events.ignore_filters.*.users
    xpack.security.audit.logfile.events.ignore_filters.*.realms
    xpack.security.audit.logfile.events.ignore_filters.*.roles
    xpack.security.audit.logfile.events.ignore_filters.*.indices

Closes #52357
Relates #47711 #47038
Follows the example from #47246
@codebrain codebrain mentioned this pull request Apr 1, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tvernum tvernum tvernum approved these changes

Assignees

@albertzaharovits albertzaharovits

Labels
>bug :Security/Audit X-Pack Audit logging v7.6.1 v7.7.0 v8.0.0-alpha1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Logging audit trail exclude/include settings are not validated if disabled
4 participants
@albertzaharovits @elasticmachine @tvernum @jakelandis