author | Ade Lee <alee@redhat.com> | 2017-05-18 16:05:07 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2017-05-23 15:24:51 -0400 |
commit | 3027b565320c96857b7f7fdffed9a5fbec084bab (patch) | |
tree | 74c30c536bdc148cc55ebb20e86c419563584dea /base/server/cmsbundle | |
parent | 8016ed7972d9211e7f0db14e45bc9658a7b292ef (diff) | |
Fix auditing in retrieveKey
The auditing in retrieveKey is all messed up.
* Added new audit event to track accesses to KeyInfo queries.
They may produce a lot of events, especially if events are
generated for every listing of data. By default, this event
may be turned off.
* Added audit events for generation and processing of key
recovery requests.
Change-Id: Icb695e712bdfadf0a80903aa52bd00b9d4883182
Diffstat (limited to 'base/server/cmsbundle')
-rw-r--r-- | base/server/cmsbundle/src/LogMessages.properties | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/base/server/cmsbundle/src/LogMessages.properties b/base/server/cmsbundle/src/LogMessages.properties index 9cdcae687..3b998d99c 100644 --- a/base/server/cmsbundle/src/LogMessages.properties +++ b/base/server/cmsbundle/src/LogMessages.properties @@ -2451,7 +2451,7 @@ LOGGING_SIGNED_AUDIT_SECURITY_DATA_RECOVERY_REQUEST=<type=SECURITY_DATA_RECOVERY # LOGGING_SIGNED_AUDIT_SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE_4=<type=SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE>:[AuditEvent=SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE][SubjectID={0}][Outcome={1}][RecoveryID={2}][Operation={3}] security data recovery request state change # -# LOGGING_SIGNED_AUDIT_SECURITY_DATA_RETRIEVE_KEY +# LOGGING_SIGNED_AUDIT_SECURITY_DATA_EXPORT_KEY # - used when user attempts to retrieve key after the recovery request # has been approved. # @@ -2462,6 +2462,16 @@ LOGGING_SIGNED_AUDIT_SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE_4=<type=SECURIT # LOGGING_SIGNED_AUDIT_SECURITY_DATA_EXPORT_KEY=<type=SECURITY_DATA_EXPORT_KEY>:[AuditEvent=SECURITY_DATA_EXPORT_KEY][SubjectID={0}][Outcome={1}][RecoveryID={2}][KeyID={3}][Info={4}][PubKey={5}] security data retrieval request # +# LOGGING_SIGNED_AUDIT_SECURITY_DATA_INFO +# - used when user attempts to get metadata information about a key +# +# RecoveryID must be the recovery request ID +# KeyID is the key being retrieved +# Info is the failure reason if the export fails. +# PubKey is the public key for the private key being retrieved +# +LOGGING_SIGNED_AUDIT_SECURITY_DATA_INFO=<type=SECURITY_DATA_INFO>:[AuditEvent=SECURITY_DATA_INFO][SubjectID={0}][Outcome={1}][KeyID={2}][ClientKeyId={3}[Info={4}][PubKey={5}] security data info request +# # LOGGING_SIGNED_AUDIT_KEY_STATUS_CHANGE # - used when modify key status is executed # keyID must be an existing key id in the database |
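Review bot: In the first hunk (@@ -2451,7), the comment header is renamed to LOGGING_SIGNED_AUDIT_SECURITY_DATA_EXPORT_KEY, but the description directly under it still reads "used when user attempts to retrieve key after the recovery request has been approved", and the property's message text still ends in "security data retrieval request". Suggest aligning that wording with the export terminology, or noting in the comment that export and retrieval refer to the same operation, so that someone searching the audit event documentation for either term lands on this entry.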
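Review bot: In the second hunk (@@ -2462,6), the new LOGGING_SIGNED_AUDIT_SECURITY_DATA_INFO format string is missing the closing bracket after the ClientKeyId field: `[ClientKeyId={3}[Info={4}]` should be `[ClientKeyId={3}][Info={4}]`. As written, the emitted record runs ClientKeyId into Info, which will confuse any consumer that splits signed audit entries on bracketed key=value fields. The comment block above the property also appears to be copied from the export event: it documents RecoveryID, which this message does not contain, leaves ClientKeyId undocumented, describes Info as "the failure reason if the export fails", and describes KeyID and PubKey as belonging to the key "being retrieved" although the event is for metadata queries. Please update the comment so it matches the fields {0} through {5} as this message uses them.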