871367 – [Spacewalk1.7 on Cento6] Audit shows all machines audit logs of all organizations

Bug 871367 - [Spacewalk1.7 on Cento6] Audit shows all machines audit logs of all organizations

Summary: [Spacewalk1.7 on Cento6] Audit shows all machines audit logs of all organizat...

Keywords:
Status:	CLOSED EOL
Alias:	None
Product:	Spacewalk
Classification:	Community
Component:	Server
Sub Component:
Version:	1.7
Hardware:	i686
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Tomas Lestach
QA Contact:	Red Hat Satellite QA List
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	885024 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-10-30 10:28 UTC by wodel
Modified:	2020-03-13 13:30 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-03-13 13:30:05 UTC
Embargoed:

Attachments	(Terms of Use)

Description wodel 2012-10-30 10:28:43 UTC

Description of problem:

Hi, and excuse the English

I've a running Spacewalk 1.7 on Centos 6, I've created two organizations and registered two machines in each organization, I've followed the
wiki to configure the Audit:
https://fedorahosted.org/spacewalk/wiki/AuditReviewing
http://roysjosh.blogspot.com/2012/07/basic-audit-re-viewing-in-spacewalk.html


The problem is, when I connect to an organization, I can see the Audit log of all machines even if they don't belong to that organization, is it normal?




Version-Release number of selected component (if applicable):
Spacewalk 1.7
Cetnos 6.3 i386
with Postgresql 8.4 as database backend

How reproducible:
Always

Steps to Reproduce:
1.Create a new organisation (or more), then register two machines each on in a different organization.
2.Configure Audit log as shown in the wiki:
  - add "web.audit.logdir = /var/satellite/systemlogs" to /etc/rhn/rhn.conf
  - create the directories 
    cd /var/satellite
    mkdir systemlogs; mkdir host1{,/audit} host2{,/audit} localhost{,/audit}
  - Generate Audit log for each machine, and parse it with aup commande
  - Copy the result of each machine in the right directory
  - Log in with the diffrent admin of each organization, click Audit, you will see all the audit log of all machines.

Actual results:
The Audit log of all machines is accessible to all accounts, even if the belong to other organization.

Expected results:
Each organization can see only it's own machines Audit log.

Additional info:

Comment 1 Michael Mráka 2012-11-23 16:07:57 UTC

Unfortunately it show all logs in web.audit.logdir. Even for non-existent hosts.

Comment 2 Jan Pazdziora 2012-12-07 20:06:28 UTC

Also reported in
https://www.redhat.com/archives/spacewalk-list/2012-October/msg00203.html

Comment 3 Jan Pazdziora 2012-12-07 20:06:54 UTC

*** Bug 885024 has been marked as a duplicate of this bug. ***

Comment 5 Jan Pazdziora 2017-10-18 07:46:32 UTC

Is this still an active issue? Might it be this is a security issue?

Comment 7 Michael Mráka 2020-03-13 13:30:05 UTC

Spacewalk 2.8 (and older) has already reached it's End Of Life.

Thank you for reporting this issue and we are sorry that we were not
able to fix it before end of life. If you would still like
to see this bug fixed and are able to reproduce it against current version
of Spacewalk 2.9, you are encouraged change the 'version' and re-open it.

Note You need to log in before you can comment on or make changes to this bug.