1260936 – [RFE] enable logging of commands run via "oc exec" for auditing purposes

Bug 1260936 - [RFE] enable logging of commands run via "oc exec" for auditing purposes

Summary: [RFE] enable logging of commands run via "oc exec" for auditing purposes

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	RFE
Sub Component:
Version:	3.0.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	low
Target Milestone:	---
Target Release:	3.2.1
Assignee:	Andy Goldstein
QA Contact:	Xingxing Xia
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1267746
TreeView+	depends on / blocked

Reported:	2015-09-08 09:21 UTC by Ali Sogukpinar
Modified:	2019-12-16 04:55 UTC (History)
CC List:	9 users (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-09-28 11:37:44 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Origin (Github)	3742	0	None	None	None	Never

Description Ali Sogukpinar 2015-09-08 09:21:35 UTC

3. What is the nature and description of the request?  
   
Be able to log executed commands for auditing purpose 

4. Why does the customer need this? (List the business requirements here)  
   
To be able to host application with PCI compliance requirement, OSE platform should provide audit logs for executed commands, or oc exec commands needs to disabled.


5. How would the customer like to achieve this? (List the functional requirements here)  
   
The customer can try to execute some commands and that needs to be logged if he is allowed or logged also when the access has been denied.

6. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.  
   
Just be able to see the executed command in some logs outside the container or inside a persistent storage on the OpenShift project, or sent to a syslog server over ssl.

7. Is there already an existing RFE upstream or in Red Hat Bugzilla?  
https://github.com/openshift/origin/issues/3742

8. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)?
End of this year, November 2015

Comment 5 Mike McCune 2016-03-28 23:03:07 UTC

This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions

Comment 6 Andy Goldstein 2016-07-25 17:43:06 UTC

Logging of all interactions with the master was added in 3.2.1.

Comment 7 weiwei jiang 2016-08-08 05:32:49 UTC

According to comment https://bugzilla.redhat.com/show_bug.cgi?id=1260936#c3 and https://bugzilla.redhat.com/show_bug.cgi?id=1260936#c6 move to verified.

Comment 8 Miheer Salunke 2016-10-04 12:53:48 UTC

Is this fix available in 3.3 ?

Comment 9 Andy Goldstein 2016-10-04 13:41:42 UTC

Miheer, please see comment 6

Note You need to log in before you can comment on or make changes to this bug.