Bug 1260936 - [RFE] enable logging of commands run via "oc exec" for auditing purposes
[RFE] enable logging of commands run via "oc exec" for auditing purposes
Status: CLOSED CURRENTRELEASE
Product: OpenShift Container Platform
Classification: Red Hat
Component: RFE (Show other bugs)
3.0.0
Unspecified Unspecified
unspecified Severity low
: ---
: 3.2.1
Assigned To: Andy Goldstein
Xingxing Xia
: FutureFeature
Depends On:
Blocks: 1267746
  Show dependency treegraph
 
Reported: 2015-09-08 05:21 EDT by Ali Sogukpinar
Modified: 2016-10-04 09:41 EDT (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-09-28 07:37:44 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Origin (Github) 3742 None None None Never

  None (edit)
Description Ali Sogukpinar 2015-09-08 05:21:35 EDT
3. What is the nature and description of the request?  
   
Be able to log executed commands for auditing purpose 

4. Why does the customer need this? (List the business requirements here)  
   
To be able to host application with PCI compliance requirement, OSE platform should provide audit logs for executed commands, or oc exec commands needs to disabled.


5. How would the customer like to achieve this? (List the functional requirements here)  
   
The customer can try to execute some commands and that needs to be logged if he is allowed or logged also when the access has been denied.

6. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.  
   
Just be able to see the executed command in some logs outside the container or inside a persistent storage on the OpenShift project, or sent to a syslog server over ssl.

7. Is there already an existing RFE upstream or in Red Hat Bugzilla?  
https://github.com/openshift/origin/issues/3742

8. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)?
End of this year, November 2015
Comment 5 Mike McCune 2016-03-28 19:03:07 EDT
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune@redhat.com with any questions
Comment 6 Andy Goldstein 2016-07-25 13:43:06 EDT
Logging of all interactions with the master was added in 3.2.1.
Comment 7 weiwei jiang 2016-08-08 01:32:49 EDT
According to comment https://bugzilla.redhat.com/show_bug.cgi?id=1260936#c3 and https://bugzilla.redhat.com/show_bug.cgi?id=1260936#c6 move to verified.
Comment 8 Miheer Salunke 2016-10-04 08:53:48 EDT
Is this fix available in 3.3 ?
Comment 9 Andy Goldstein 2016-10-04 09:41:42 EDT
Miheer, please see comment 6

Note You need to log in before you can comment on or make changes to this bug.