6:32 p.m.
Attached please find the patch for ticket 1006:
https://fedorahosted.org/pki/ticket/1006 Audit logging for TPS REST
operations
Most of the work is on
1. finding the right places to place the audit calls
2. deciding on what should be audited: since all read operations are
captured by AUTZ, the REST operations audited are only write operations
3. deciding on the audit events that should be provided for the operations
4. making needed information available at the places where auditing is
happening
thanks
Christina
4:44 p.m.
Looks fine:
What was done:
1. Creating some convenience functions to do the actual auditing.
2. Making sure we have auditing for the calls where things are changed
such as configuration /profile changes, or changing a token's state.
3. Making sure there are audit messages for the various error conditions caught
in exceptions.
I also took a look at a bunch of samples and they look good.
I did not spend days making sure every possible case it covered, but the code
and the framework looks good. Any holes will be discovered later.
ACK
----- Original Message -----
From: "Christina Fu" <cfu(a)redhat.com>
To: "pki-devel" <pki-devel(a)redhat.com>
Sent: Thursday, 24 March, 2016 4:32:56 PM
Subject: [Pki-devel] [PATCH]
pki-cfu-0116-Ticket-1006-Audit-logging-for-TPS-REST-operations.patch
Attached please find the patch for ticket 1006:
https://fedorahosted.org/pki/ticket/1006 Audit logging for TPS REST
operations
Most of the work is on
1. finding the right places to place the audit calls
2. deciding on what should be audited: since all read operations are
captured by AUTZ, the REST operations audited are only write operations
3. deciding on the audit events that should be provided for the operations
4. making needed information available at the places where auditing is
happening
thanks
Christina
_______________________________________________
Pki-devel mailing list
Pki-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
6:19 p.m.
pushed to master
commit 41a99a5938c6881a978199fe10b0c392eb27d569
thanks,
Christina
On 03/28/2016 02:44 PM, John Magne wrote:
Looks fine:
What was done:
1. Creating some convenience functions to do the actual auditing.
2. Making sure we have auditing for the calls where things are changed
such as configuration /profile changes, or changing a token's state.
3. Making sure there are audit messages for the various error conditions caught
in exceptions.
I also took a look at a bunch of samples and they look good.
I did not spend days making sure every possible case it covered, but the code
and the framework looks good. Any holes will be discovered later.
ACK
----- Original Message -----
> From: "Christina Fu" <cfu(a)redhat.com>
> To: "pki-devel" <pki-devel(a)redhat.com>
> Sent: Thursday, 24 March, 2016 4:32:56 PM
> Subject: [Pki-devel] [PATCH]
pki-cfu-0116-Ticket-1006-Audit-logging-for-TPS-REST-operations.patch
>
> Attached please find the patch for ticket 1006:
> https://fedorahosted.org/pki/ticket/1006 Audit logging for TPS REST
> operations
>
> Most of the work is on
> 1. finding the right places to place the audit calls
> 2. deciding on what should be audited: since all read operations are
> captured by AUTZ, the REST operations audited are only write operations
> 3. deciding on the audit events that should be provided for the operations
> 4. making needed information available at the places where auditing is
> happening
>
> thanks
> Christina
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel(a)redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
3190
days inactive
3194
days old
2 comments
2 participants
participants (2)
-
Christina Fu -
John Magne