Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1443184

Summary: failed logins events should be logged by default
Product: OpenShift Container Platform
Reporter: Marc Nozell <mnozell>
Component: RFE
Assignee: Maciej Szulik <maszulik>
Status: CLOSED CURRENTRELEASE
QA Contact: ge liu <geliu>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 3.5.0
CC: aos-bugs, erich, jokerman, maszulik, mbarrett, mfojtik, mmccomas, mmckinst, mnozell, rmeggins, wsun
Target Milestone: ---
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Feature: Advanced Audit
Reason: To be able to customize more what is being logged during auditing.
Result: Advanced Audit is enabled as a technology preview in openshift 3.7.
Story Points: ---
Clone Of:
: 1498947
Environment:
Last Closed: 2018-01-22 16:32:36 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 1498947

Description Marc Nozell 2017-04-18 17:43:54 UTC
1. Proposed title of this feature request

Failed and successful login attempts logged by default

3. What is the nature and description of the request?

You need debug logging set to get logs for failed logins. This should not require debug level logging.

4. Why does the customer need this? (List the business requirements here)

The customer has extensive auditing requirements due to the nature of their business.

5. How would the customer like to achieve this? (List the functional requirements here)

Failed login attempts should be logged without needing to turn on debugging which includes lots of unneeded info.

6. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.

1) verify debug logging is not enabled
2) attempt to log into the system with incorrect credentials
3) successfully log in with correct credentials
4) verify the failed and successful logins are noted in the logs


7. Is there already an existing RFE upstream or in Red Hat Bugzilla?

No

10. List any affected packages or components.

Logging

Comment 2 Rich Megginson 2017-05-01 18:07:14 UTC
What is the application?  OpenShift itself?  What is the user logging into?

Comment 4 Marc Nozell 2017-05-25 14:52:52 UTC
This is the OpenShift audit log for all the access events logged when debug logging is set.  Basically looking for a new flag for just success/failed access related events.

Comment 6 Maciej Szulik 2017-08-25 08:51:18 UTC
The PR in flight: https://github.com/openshift/origin/pull/14535

Comment 7 Maciej Szulik 2017-10-06 07:48:45 UTC
This landed as part of https://github.com/openshift/origin/pull/16128.
The remaining piece is documentation, which I'm currently working on.

Comment 8 ge liu 2017-10-09 09:47:28 UTC
Verified in ocp env with version: 3.7.0-0.133.0
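
Step 4 of the test plan in the description (failed and successful logins both visible without debug logging) can be checked mechanically. The following is an added example, not part of the bug report or of OpenShift's code. It assumes the audit log is written one JSON object per line using Kubernetes audit Event field names (`stage`, `sourceIPs`, `user.username`, `responseStatus.code`), that a failed login shows up as a 401 response, and that a 2xx response with a username counts as a successful one; the sample lines are constructed.

```python
import json
from collections import Counter

# Constructed sample events (not real cluster output). Treating 401 as a
# failed login and 2xx as a successful one is an assumption of this example.
SAMPLE_LOG = """\
{"stage":"ResponseComplete","requestURI":"/oapi/v1/users/~","sourceIPs":["192.0.2.10"],"responseStatus":{"code":401}}
{"stage":"RequestReceived","requestURI":"/oapi/v1/users/~","user":{"username":"alice"},"sourceIPs":["192.0.2.10"]}
{"stage":"ResponseComplete","requestURI":"/oapi/v1/users/~","user":{"username":"alice"},"sourceIPs":["192.0.2.10"],"responseStatus":{"code":200}}
not-json debug noise
{"stage":"ResponseComplete","requestURI":"/api/v1/pods","sourceIPs":["198.51.100.7"],"responseStatus":{"code":401}}
{"stage":"ResponseComplete","requestURI":"/api/v1/pods","sourceIPs":["198.51.100.7"],"responseStatus":{"code":401}}
{"stage":"ResponseComplete","requestURI":"/api/v1/pods","user":{"username":"bob"},"sourceIPs":["203.0.113.5"],"responseStatus":{"code":403}}
"""

def parse_events(text):
    """Yield completed-request audit events, skipping lines that are not JSON objects."""
    for line in text.splitlines():
        try:
            ev = json.loads(line)
        except ValueError:
            continue
        if isinstance(ev, dict) and ev.get("stage") == "ResponseComplete":
            yield ev

def classify(ev):
    """Return 'failed', 'success' or 'other' from the response status code."""
    code = (ev.get("responseStatus") or {}).get("code")
    if code == 401:
        return "failed"
    if isinstance(code, int) and 200 <= code < 300:
        return "success"
    return "other"  # e.g. 403 is an authorization denial, not a failed login

def login_summary(text):
    """Count failed logins per source IP and collect users seen succeeding."""
    failed_by_ip, users_ok = Counter(), set()
    for ev in parse_events(text):
        kind = classify(ev)
        if kind == "failed":
            # Failed-authentication events may carry no user, so key on source IP.
            failed_by_ip[(ev.get("sourceIPs") or ["unknown"])[0]] += 1
        elif kind == "success":
            users_ok.add((ev.get("user") or {}).get("username", "unknown"))
    return failed_by_ip, users_ok

def requirement_met(text):
    """True only if the log contains both a failed and a successful login."""
    failed, ok = login_summary(text)
    return bool(failed) and bool(ok)
```
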