Bug 1443184 - failed logins events should be logged by default
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: RFE
Version: 3.5.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Maciej Szulik
QA Contact: ge liu
URL:
Whiteboard:
Depends On:
Blocks: 1498947
 
Reported: 2017-04-18 17:43 UTC by Marc Nozell
Modified: 2018-01-22 16:32 UTC

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Feature: Advanced Audit
Reason: To be able to customize more what is being logged during auditing.
Result: Advanced Audit is enabled as a technology preview in OpenShift 3.7.
Clone Of:
: 1498947
Environment:
Last Closed: 2018-01-22 16:32:36 UTC
Target Upstream Version:
Embargoed:



Description Marc Nozell 2017-04-18 17:43:54 UTC
1. Proposed title of this feature request

Failed and successful login attempts logged by default

3. What is the nature and description of the request?

You need debug logging set to get logs for failed logins. This should not require debug level logging.

4. Why does the customer need this? (List the business requirements here)

The customer has extensive auditing requirements due to the nature of their business.

5. How would the customer like to achieve this? (List the functional requirements here)

Failed login attempts should be logged without needing to turn on debugging which includes lots of unneeded info.

6. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.

1) verify debug logging is not enabled
2) attempt to log into the system with incorrect credentials
3) successfully log in with correct credentials
4) verify the failed and successful logins are noted in the logs


7. Is there already an existing RFE upstream or in Red Hat Bugzilla?

No

10. List any affected packages or components.

Logging

Comment 2 Rich Megginson 2017-05-01 18:07:14 UTC
What is the application?  OpenShift itself?  What is the user logging into?

Comment 4 Marc Nozell 2017-05-25 14:52:52 UTC
This is the OpenShift audit log for all the access events logged when debug logging is set.  Basically looking for a new flag for just success/failed access related events.

Comment 6 Maciej Szulik 2017-08-25 08:51:18 UTC
The PR in flight: https://github.com/openshift/origin/pull/14535

Comment 7 Maciej Szulik 2017-10-06 07:48:45 UTC
This landed as part of https://github.com/openshift/origin/pull/16128. 
The remaining piece is documentation, which I'm currently working on.

Comment 8 ge liu 2017-10-09 09:47:28 UTC
Verified in ocp env with version: 3.7.0-0.133.0

