Bug 980152

Summary: [RFE] Add audit trail for all actions performed via UI and CLI
Product: Red Hat Satellite Reporter: Og Maciel <omaciel>
Component: Audit LogAssignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED DUPLICATE QA Contact: Katello QA List <katello-qa-list>
Severity: high Docs Contact:
Priority: high    
Version: 6.0.1CC: aladke, andrew.schofield, arahaman, bkearney, dgross, kabbott, mmccune, mvanderw, riehecky, sauchter, shughes, xdmoon
Target Milestone: UnspecifiedKeywords: FutureFeature, PrioBumpGSS, Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-01-18 19:48:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1115190, 1317008    

Description Og Maciel 2013-07-01 14:39:17 UTC 
Description of problem:

Currently we track and save all UI actions into the Notifications page (i.e. changeset creation, promotion, new users, roles, etc), but the same does not happen if actions are performed via the CLI. What I'd like to see is an audit trail for all actions performed via CLI but perhaps without any type of visual notification as the objective here is only to keep an audit trail.

Version-Release number of selected component (if applicable):

* apr-util-ldap-1.3.9-3.el6_0.1.x86_64
* candlepin-0.8.9-1.el6_4.noarch
* candlepin-scl-1-5.el6_4.noarch
* candlepin-scl-quartz-2.1.5-5.el6_4.noarch
* candlepin-scl-rhino-1.7R3-1.el6_4.noarch
* candlepin-scl-runtime-1-5.el6_4.noarch
* candlepin-selinux-0.8.9-1.el6_4.noarch
* candlepin-tomcat6-0.8.9-1.el6_4.noarch
* elasticsearch-0.19.9-8.el6sat.noarch
* foreman-1.1.10014-1.noarch
* foreman-compute-1.1.10014-1.noarch
* foreman-installer-puppet-concat-0-2.d776701.git.0.21ef926.el6sat.noarch
* foreman-installer-puppet-dhcp-0-5.3a4a13c.el6sat.noarch
* foreman-installer-puppet-dns-0-7.fcae203.el6sat.noarch
* foreman-installer-puppet-foreman-0-6.568c5c4.el6sat.noarch
* foreman-installer-puppet-foreman_proxy-0-8.bd1e35d.el6sat.noarch
* foreman-installer-puppet-puppet-0-3.ab46748.el6sat.noarch
* foreman-installer-puppet-tftp-0-5.ea6c5e5.el6sat.noarch
* foreman-installer-puppet-xinetd-0-50a267b8.git.0.44aca6a.el6sat.noarch
* foreman-libvirt-1.1.10014-1.noarch
* foreman-postgresql-1.1.10014-1.noarch
* foreman-proxy-1.1.10003-1.el6sat.noarch
* foreman-proxy-installer-1.0.1-10.f5ae2cd.el6sat.noarch
* katello-1.4.2-18.el6sat.noarch
* katello-all-1.4.2-18.el6sat.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.4.2-2.el6sat.noarch
* katello-cli-1.4.2-8.el6sat.noarch
* katello-cli-common-1.4.2-8.el6sat.noarch
* katello-common-1.4.2-18.el6sat.noarch
* katello-configure-1.4.3-16.el6sat.noarch
* katello-configure-foreman-1.4.3-16.el6sat.noarch
* katello-foreman-all-1.4.2-18.el6sat.noarch
* katello-glue-candlepin-1.4.2-18.el6sat.noarch
* katello-glue-elasticsearch-1.4.2-18.el6sat.noarch
* katello-glue-pulp-1.4.2-18.el6sat.noarch
* katello-qpid-broker-key-pair-1.0-1.noarch
* katello-qpid-client-key-pair-1.0-1.noarch
* katello-selinux-1.4.3-3.el6sat.noarch
* openldap-2.4.23-31.el6.x86_64
* pulp-rpm-plugins-2.1.3-0.1.beta.el6sat.noarch
* pulp-selinux-2.1.3-0.1.beta.el6sat.noarch
* pulp-server-2.1.3-0.1.beta.el6sat.noarch
* python-ldap-2.3.10-1.el6.x86_64
* ruby193-rubygem-ldap_fluff-0.2.2-1.el6sat.noarch
* ruby193-rubygem-net-ldap-0.3.1-2.el6sat.noarch
* ruby193-rubygem-runcible-0.4.10-1.el6sat.noarch
* signo-0.0.19-1.el6sat.noarch
* signo-katello-0.0.19-1.el6sat.noarch

How reproducible:


Steps to Reproduce:
1. Use the CLI to create users, roles, orgs, etc
2.
3.

Actual results:

None of these actions are registered anywhere. If you were to use the UI however, we do track all these actions in the Notifications page

Expected results:


Additional info:
Comment 3 Andrew Schofield 2015-12-11 23:56:06 UTC 
CLI actions to create user now (in 6.1.4) seem to generate an audit entry. However, modification of said user (for example, adding additional roles) does not.
Comment 5 Stuart Auchterlonie 2016-01-13 09:19:41 UTC 
There also appears to be no way to retrieve the audit data via hammer.
It is only available via the GUI.

Please include a way to retrieve this data via hammer.
Comment 11 Bryan Kearney 2018-01-18 19:48:00 UTC 

*** This bug has been marked as a duplicate of bug 1155817 ***