Bug 871367

Summary: [Spacewalk 1.7 on CentOS 6] Audit shows all machines audit logs of all organizations
Product: [Community] Spacewalk
Component: Server
Version: 1.7
Hardware: i686
OS: Linux
Status: CLOSED EOL
Severity: unspecified
Priority: unspecified
Reporter: wodel <wodel_doom>
Assignee: Tomas Lestach <tlestach>
QA Contact: Red Hat Satellite QA List <satqe-list>
CC: mmraka, mzazrivec, tlestach
Doc Type: Bug Fix
Type: Bug
Last Closed: 2020-03-13 13:30:05 UTC

Description wodel 2012-10-30 10:28:43 UTC
Description of problem:

Hi, and excuse the English

I have Spacewalk 1.7 running on CentOS 6. I've created two organizations and registered two machines in each organization, and I've followed the wiki to configure the Audit:
https://fedorahosted.org/spacewalk/wiki/AuditReviewing
http://roysjosh.blogspot.com/2012/07/basic-audit-re-viewing-in-spacewalk.html


The problem is, when I connect to an organization, I can see the Audit log of all machines even if they don't belong to that organization. Is this normal?




Version-Release number of selected component (if applicable):
Spacewalk 1.7
CentOS 6.3 i386
with PostgreSQL 8.4 as database backend

How reproducible:
Always

Steps to Reproduce:
1. Create a new organisation (or more), then register two machines, each one in a different organization.
2. Configure Audit log as shown in the wiki:
  - add "web.audit.logdir = /var/satellite/systemlogs" to /etc/rhn/rhn.conf
  - create the directories
    cd /var/satellite
    mkdir systemlogs; mkdir host1{,/audit} host2{,/audit} localhost{,/audit}
  - Generate the Audit log for each machine, and parse it with the aup command
  - Copy the result of each machine into the right directory
  - Log in with the different admin of each organization and click Audit; you will see all the audit logs of all machines.

Actual results:
The Audit log of all machines is accessible to all accounts, even if they belong to another organization.

Expected results:
Each organization can see only its own machines' Audit log.

Additional info:

Comment 1 Michael Mráka 2012-11-23 16:07:57 UTC
Unfortunately it shows all logs in web.audit.logdir. Even for non-existent hosts.
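
The missing check described in this report and in Comment 1, as an added example that is not Spacewalk code and not part of the original comments: list only the hosts under the audit log directory that are registered to the viewing organization, and show unregistered directories to nobody. It assumes the `<logdir>/<hostname>/audit` layout from the reproduction steps; the `registered` mapping (hostname to organization id) is a hypothetical stand-in for the server's system inventory, and the sample directory tree is constructed.

```python
import os
import tempfile

def visible_audit_hosts(logdir, org_id, registered):
    """Return hostnames under logdir whose audit logs org_id may view.

    registered: dict hostname -> org id (hypothetical stand-in for the
    server's inventory of registered systems).
    """
    allowed = []
    for name in sorted(os.listdir(logdir)):
        host_dir = os.path.join(logdir, name)
        # Skip symlinks so a link inside logdir cannot expose another tree.
        if os.path.islink(host_dir):
            continue
        if not os.path.isdir(os.path.join(host_dir, "audit")):
            continue
        # Deny by default: a directory with no registered system behind it
        # (the "non-existent hosts" case) is visible to no organization.
        if name not in registered or registered[name] != org_id:
            continue
        allowed.append(name)
    return allowed

def audit_dir_for(logdir, org_id, registered, hostname):
    """Resolve one host's audit directory, re-checking ownership on access."""
    # Membership in the filtered listing also rejects names such as "../x",
    # because only real directory entries can appear in that listing.
    if hostname not in visible_audit_hosts(logdir, org_id, registered):
        raise PermissionError(
            f"org {org_id} may not read audit logs of {hostname!r}")
    return os.path.join(logdir, hostname, "audit")

def build_sample_logdir():
    """Constructed sample: host1, host2 and localhost, as in the report."""
    logdir = tempfile.mkdtemp(prefix="systemlogs-")
    for host in ("host1", "host2", "localhost"):
        os.makedirs(os.path.join(logdir, host, "audit"))
    return logdir

if __name__ == "__main__":
    sample = build_sample_logdir()
    inventory = {"host1": 1, "host2": 2}  # constructed: localhost unregistered
    for org in (1, 2):
        print(org, visible_audit_hosts(sample, org, inventory))
```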

Comment 2 Jan Pazdziora 2012-12-07 20:06:28 UTC
Also reported in
https://www.redhat.com/archives/spacewalk-list/2012-October/msg00203.html

Comment 3 Jan Pazdziora 2012-12-07 20:06:54 UTC
*** Bug 885024 has been marked as a duplicate of this bug. ***

Comment 5 Jan Pazdziora 2017-10-18 07:46:32 UTC
Is this still an active issue? Might this be a security issue?

Comment 7 Michael Mráka 2020-03-13 13:30:05 UTC
Spacewalk 2.8 (and older) has already reached its End Of Life.

Thank you for reporting this issue and we are sorry that we were not
able to fix it before end of life. If you would still like
to see this bug fixed and are able to reproduce it against the current version
of Spacewalk 2.9, you are encouraged to change the 'version' and re-open it.