Bug 1260936 - [RFE] enable logging of commands run via "oc exec" for auditing purposes
Summary: [RFE] enable logging of commands run via "oc exec" for auditing purposes
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: RFE
Version: 3.0.0
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: ---
: 3.2.1
Assignee: Andy Goldstein
QA Contact: Xingxing Xia
URL:
Whiteboard:
Depends On:
Blocks: 1267746
TreeView+ depends on / blocked
 
Reported: 2015-09-08 09:21 UTC by Ali Sogukpinar
Modified: 2019-12-16 04:55 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-09-28 11:37:44 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Origin (Github) 3742 0 None None None Never

Description Ali Sogukpinar 2015-09-08 09:21:35 UTC
3. What is the nature and description of the request?  
   
Be able to log executed commands for auditing purpose 

4. Why does the customer need this? (List the business requirements here)  
   
To be able to host application with PCI compliance requirement, OSE platform should provide audit logs for executed commands, or oc exec commands needs to disabled.


5. How would the customer like to achieve this? (List the functional requirements here)  
   
The customer can try to execute some commands and that needs to be logged if he is allowed or logged also when the access has been denied.

6. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.  
   
Just be able to see the executed command in some logs outside the container or inside a persistent storage on the OpenShift project, or sent to a syslog server over ssl.

7. Is there already an existing RFE upstream or in Red Hat Bugzilla?  
https://github.com/openshift/origin/issues/3742

8. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)?
End of this year, November 2015

Comment 5 Mike McCune 2016-03-28 23:03:07 UTC
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions

Comment 6 Andy Goldstein 2016-07-25 17:43:06 UTC
Logging of all interactions with the master was added in 3.2.1.

Comment 7 weiwei jiang 2016-08-08 05:32:49 UTC
According to comment https://bugzilla.redhat.com/show_bug.cgi?id=1260936#c3 and https://bugzilla.redhat.com/show_bug.cgi?id=1260936#c6 move to verified.

Comment 8 Miheer Salunke 2016-10-04 12:53:48 UTC
Is this fix available in 3.3 ?

Comment 9 Andy Goldstein 2016-10-04 13:41:42 UTC
Miheer, please see comment 6


Note You need to log in before you can comment on or make changes to this bug.