980152 – [RFE] Add audit trail for all actions performed via UI and CLI

Bug 980152 - [RFE] Add audit trail for all actions performed via UI and CLI

Summary: [RFE] Add audit trail for all actions performed via UI and CLI

Keywords:
Status:	CLOSED DUPLICATE of bug 1155817
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Audit Log
Sub Component:
Version:	6.0.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	Unspecified
Assignee:	satellite6-bugs
QA Contact:	Katello QA List
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	GSS_Sat6Beta_Tracker, GSS_Sat6_Tracker 1317008
TreeView+	depends on / blocked

Reported:	2013-07-01 14:39 UTC by Og Maciel
Modified:	2022-03-13 13:52 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-01-18 19:48:00 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	1155817	high	CLOSED	[RFE] Improve auditing and externalize audit logs	2022-03-13 13:55:00 UTC
Red Hat Issue Tracker	SAT-4935	None	None	None	2021-09-09 11:32:58 UTC
Red Hat Knowledge Base (Solution)	2122161	None	None	None	2016-01-13 11:34:42 UTC

Internal Links: 1155817

Description Og Maciel 2013-07-01 14:39:17 UTC

Description of problem:

Currently we track and save all UI actions into the Notifications page (i.e. changeset creation, promotion, new users, roles, etc), but the same does not happen if actions are performed via the CLI. What I'd like to see is an audit trail for all actions performed via CLI but perhaps without any type of visual notification as the objective here is only to keep an audit trail.

Version-Release number of selected component (if applicable):

* apr-util-ldap-1.3.9-3.el6_0.1.x86_64
* candlepin-0.8.9-1.el6_4.noarch
* candlepin-scl-1-5.el6_4.noarch
* candlepin-scl-quartz-2.1.5-5.el6_4.noarch
* candlepin-scl-rhino-1.7R3-1.el6_4.noarch
* candlepin-scl-runtime-1-5.el6_4.noarch
* candlepin-selinux-0.8.9-1.el6_4.noarch
* candlepin-tomcat6-0.8.9-1.el6_4.noarch
* elasticsearch-0.19.9-8.el6sat.noarch
* foreman-1.1.10014-1.noarch
* foreman-compute-1.1.10014-1.noarch
* foreman-installer-puppet-concat-0-2.d776701.git.0.21ef926.el6sat.noarch
* foreman-installer-puppet-dhcp-0-5.3a4a13c.el6sat.noarch
* foreman-installer-puppet-dns-0-7.fcae203.el6sat.noarch
* foreman-installer-puppet-foreman-0-6.568c5c4.el6sat.noarch
* foreman-installer-puppet-foreman_proxy-0-8.bd1e35d.el6sat.noarch
* foreman-installer-puppet-puppet-0-3.ab46748.el6sat.noarch
* foreman-installer-puppet-tftp-0-5.ea6c5e5.el6sat.noarch
* foreman-installer-puppet-xinetd-0-50a267b8.git.0.44aca6a.el6sat.noarch
* foreman-libvirt-1.1.10014-1.noarch
* foreman-postgresql-1.1.10014-1.noarch
* foreman-proxy-1.1.10003-1.el6sat.noarch
* foreman-proxy-installer-1.0.1-10.f5ae2cd.el6sat.noarch
* katello-1.4.2-18.el6sat.noarch
* katello-all-1.4.2-18.el6sat.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.4.2-2.el6sat.noarch
* katello-cli-1.4.2-8.el6sat.noarch
* katello-cli-common-1.4.2-8.el6sat.noarch
* katello-common-1.4.2-18.el6sat.noarch
* katello-configure-1.4.3-16.el6sat.noarch
* katello-configure-foreman-1.4.3-16.el6sat.noarch
* katello-foreman-all-1.4.2-18.el6sat.noarch
* katello-glue-candlepin-1.4.2-18.el6sat.noarch
* katello-glue-elasticsearch-1.4.2-18.el6sat.noarch
* katello-glue-pulp-1.4.2-18.el6sat.noarch
* katello-qpid-broker-key-pair-1.0-1.noarch
* katello-qpid-client-key-pair-1.0-1.noarch
* katello-selinux-1.4.3-3.el6sat.noarch
* openldap-2.4.23-31.el6.x86_64
* pulp-rpm-plugins-2.1.3-0.1.beta.el6sat.noarch
* pulp-selinux-2.1.3-0.1.beta.el6sat.noarch
* pulp-server-2.1.3-0.1.beta.el6sat.noarch
* python-ldap-2.3.10-1.el6.x86_64
* ruby193-rubygem-ldap_fluff-0.2.2-1.el6sat.noarch
* ruby193-rubygem-net-ldap-0.3.1-2.el6sat.noarch
* ruby193-rubygem-runcible-0.4.10-1.el6sat.noarch
* signo-0.0.19-1.el6sat.noarch
* signo-katello-0.0.19-1.el6sat.noarch

How reproducible:


Steps to Reproduce:
1. Use the CLI to create users, roles, orgs, etc
2.
3.

Actual results:

None of these actions are registered anywhere. If you were to use the UI however, we do track all these actions in the Notifications page

Expected results:


Additional info:

Comment 3 Andrew Schofield 2015-12-11 23:56:06 UTC

CLI actions to create user now (in 6.1.4) seem to generate an audit entry. However, modification of said user (for example, adding additional roles) does not.

Comment 5 Stuart Auchterlonie 2016-01-13 09:19:41 UTC

There also appears to be no way to retrieve the audit data via hammer.
It is only available via the GUI.

Please include a way to retrieve this data via hammer.

Comment 11 Bryan Kearney 2018-01-18 19:48:00 UTC


*** This bug has been marked as a duplicate of bug 1155817 ***

Note You need to log in before you can comment on or make changes to this bug.