Enhance OASP4j log-component by a separated security-log #569

Closed
preichel-cg opened this issue May 15, 2017 · 4 comments

@preichel-cg preichel-cg commented May 15, 2017

The plan is to use the OWASP Security Logging to extend the current Logback logging. Usage of "Security Markers" will allow log messages to be separated into different log files depending on their assigned category.
See https://www.owasp.org/index.php/OWASP_Security_Logging_Project
and https://github.com/javabeanz/owasp-security-logging/wiki

@amarinso amarinso commented May 24, 2017

We have to think about what this means in a dockerized/cloud environment, where different log files really don't make any sense because there will be no filesystem.

Ok, technically there is a filesystem on the container, but as it is ephemeral those files will go away when the container is brought down (which should be a usual case in a cloud environment).

For example, the first thing you have to do when deploying an app to the cloud is to disable all the log appenders but the console one, because the orchestration platform running the container will usually only care about the standard output (please correct me if this is not the case and I'm wrong), and that output is usually sent to a persistent storage like an Elasticsearch or other log aggregation services.

@preichel-cg preichel-cg commented May 30, 2017

Thank you for the feedback and for providing new insights for me.
If I understand your concern correctly, then we can still benefit from the additional functionality in a cloud container: one may change the appender classes to console and add corresponding keywords ("SECURITY", etc.) to their log patterns.
Afterwards, the log aggregation service you mentioned could disentangle the log events according to their keywords. One drawback is that we would have to consider the safety during this additional transfer & processing step.
(I will present the status on Thursday.)

@amarinso amarinso commented May 30, 2017

Yes, we could add a new "field" to the log to indicate the category.

The transfer & processing step should be secured as you comment; that will be addressed by the selected mechanism (logstash, fluentd, etc.).

Then on the store/query system (elasticsearch, Splunk, etc.) security should be addressed again so only "authorized" roles can access some categories.
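The two deployment variants discussed in this thread (separate security log file vs. a single console stream carrying the category as a field for the aggregator) can both be expressed with Logback's built-in marker evaluator. The configuration below is an added example, not OASP4j's or the OWASP project's own code; it assumes the application tags security events with an SLF4J marker named SECURITY (e.g. MarkerFactory.getMarker("SECURITY")), and the file paths are placeholders.

```xml
<configuration>
  <!-- Variant A (the issue's original plan): events carrying the SECURITY
       marker go to their own file; everything else goes to the application log. -->
  <appender name="APP" class="ch.qos.logback.core.FileAppender">
    <file>logs/application.log</file>            <!-- placeholder path -->
    <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
      <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
        <marker>SECURITY</marker>                <!-- matches the marker or any marker containing it -->
      </evaluator>
      <OnMatch>DENY</OnMatch>                    <!-- keep security events out of the app log -->
      <OnMismatch>NEUTRAL</OnMismatch>
    </filter>
    <encoder>
      <pattern>%d{ISO8601} %-5level [%thread] %logger{36} - %msg%n</pattern>
    </encoder>
  </appender>

  <appender name="SECURITY" class="ch.qos.logback.core.FileAppender">
    <file>logs/security.log</file>               <!-- placeholder path; restrict OS permissions -->
    <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
      <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
        <marker>SECURITY</marker>
      </evaluator>
      <OnMatch>NEUTRAL</OnMatch>
      <OnMismatch>DENY</OnMismatch>              <!-- only security events reach this file -->
    </filter>
    <encoder>
      <pattern>%d{ISO8601} %-5level [%thread] %logger{36} - %msg%n</pattern>
    </encoder>
  </appender>

  <!-- Variant B (container/cloud): one console appender; %marker emits the
       category as a field so logstash/fluentd can route and the store can
       apply role-based access per category. -->
  <appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
    <encoder>
      <pattern>%d{ISO8601} %-5level category=%marker [%thread] %logger{36} - %msg%n</pattern>
    </encoder>
  </appender>

  <root level="INFO">
    <!-- Variant A: both file appenders active -->
    <appender-ref ref="APP"/>
    <appender-ref ref="SECURITY"/>
    <!-- Variant B: replace the two refs above with <appender-ref ref="CONSOLE"/> only -->
  </root>
</configuration>
```

For an event without a marker, %marker renders as an empty string, so the aggregator filter should treat category= with no value as "application" rather than dropping the line.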

@hohwille hohwille commented Dec 5, 2017

As I have merged the PR already, this should be solved, so I can close now.
BTW: the PR was created for the develop branch and not the release-specific one. Will that work out, or did I mess something up with the merge?

@hohwille hohwille closed this Dec 5, 2017
@hohwille hohwille modified the milestones: oasp:3.0.0, oasp:2.5.0 Jan 8, 2018