From 3027b565320c96857b7f7fdffed9a5fbec084bab Mon Sep 17 00:00:00 2001 From: Ade Lee Date: Thu, 18 May 2017 16:05:07 -0400 Subject: Fix auditing in retrieveKey The auditing in retrieveKey is all messed up. * Added new audit event to track accesses to KeyInfo queries. They may produce a lot of events, especially if events are generated for every listing of data. By default, this event may be turned off. * Added audit events for generation and processing of key recovery requests. Change-Id: Icb695e712bdfadf0a80903aa52bd00b9d4883182 --- base/server/cmsbundle/src/LogMessages.properties | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'base/server/cmsbundle/src') diff --git a/base/server/cmsbundle/src/LogMessages.properties b/base/server/cmsbundle/src/LogMessages.properties index 9cdcae687..3b998d99c 100644 --- a/base/server/cmsbundle/src/LogMessages.properties +++ b/base/server/cmsbundle/src/LogMessages.properties @@ -2451,7 +2451,7 @@ LOGGING_SIGNED_AUDIT_SECURITY_DATA_RECOVERY_REQUEST=:[AuditEvent=SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE][SubjectID={0}][Outcome={1}][RecoveryID={2}][Operation={3}] security data recovery request state change # -# LOGGING_SIGNED_AUDIT_SECURITY_DATA_RETRIEVE_KEY +# LOGGING_SIGNED_AUDIT_SECURITY_DATA_EXPORT_KEY # - used when user attempts to retrieve key after the recovery request # has been approved. # 
@@ -2462,6 +2462,16 @@ LOGGING_SIGNED_AUDIT_SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE_4=:[AuditEvent=SECURITY_DATA_EXPORT_KEY][SubjectID={0}][Outcome={1}][RecoveryID={2}][KeyID={3}][Info={4}][PubKey={5}] security data retrieval request # +# LOGGING_SIGNED_AUDIT_SECURITY_DATA_INFO +# - used when user attempts to get metadata information about a key +# +# RecoveryID must be the recovery request ID +# KeyID is the key being retrieved +# Info is the failure reason if the export fails. +# PubKey is the public key for the private key being retrieved +# +LOGGING_SIGNED_AUDIT_SECURITY_DATA_INFO=:[AuditEvent=SECURITY_DATA_INFO][SubjectID={0}][Outcome={1}][KeyID={2}][ClientKeyId={3}[Info={4}][PubKey={5}] security data info request +# # LOGGING_SIGNED_AUDIT_KEY_STATUS_CHANGE # - used when modify key status is executed # keyID must be an existing key id in the database -- cgit
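Review bot: The added `LOGGING_SIGNED_AUDIT_SECURITY_DATA_INFO` format string never closes the ClientKeyId field: `[ClientKeyId={3}[Info={4}]` should read `[ClientKeyId={3}][Info={4}]`. As written, every record of this event carries an unbalanced field, so a log consumer that splits signed audit entries into `[Name=value]` pairs may fold Info into ClientKeyId or fail to parse the record. The comment block above the property also looks copied from the export-key event: it documents RecoveryID, which is not in this format, describes Info as the failure reason "if the export fails", and omits ClientKeyId. I would reword it to describe KeyID, ClientKeyId, Info and PubKey for a metadata query, for example `# ClientKeyId is the client-side identifier of the key being queried` and `# Info is the failure reason if the info request fails`.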