Refactor #20116

Redact sensitive information from audit logs

Added by Tomer Brisker over 1 year ago.

Status: New
Priority: Normal
Assignee: -
Category: -
Target version: -
Difficulty:
Triaged: No
Bugzilla link:
Pull request:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

Changes to information such as passwords, secret keys, etc. should be audited without saving the sensitive value itself.
Currently we have workarounds in place in several places in Foreman core. This should be fixed in the audited gem, opened https://github.com/collectiveidea/audited/pull/339 for that. Once that is merged we should leverage the gem solution to replace all workarounds we use.
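
An added illustration of the requirement above, in plain Ruby: record that a sensitive attribute changed while storing a placeholder instead of its value. This is not code from the issue, from Foreman, or from the audited gem; the function name, placeholder text, attribute names and sample audits are all constructed for the example.

```ruby
# Added illustration; plain Ruby, no Rails or audited gem required.
REDACTION_VALUE = '[REDACTED]' # assumed placeholder text

# changes: attribute => value        (create/destroy-style audit), or
#          attribute => [old, new]   (update-style audit).
# Returns a new hash. Sensitive attributes keep their shape, so the audit
# still shows that the attribute was set or changed, but every value is
# replaced by the placeholder. Keys are normalised to strings so that
# :password and "password" are treated as the same attribute.
def redact_changes(changes, sensitive, placeholder = REDACTION_VALUE)
  sensitive = sensitive.map(&:to_s)
  changes.each_with_object({}) do |(attr, value), out|
    name = attr.to_s
    out[name] =
      if !sensitive.include?(name)
        value                       # non-sensitive: stored unchanged
      elsif value.is_a?(Array)
        value.map { placeholder }   # [old, new] -> two placeholders
      else
        placeholder                 # single value -> one placeholder
      end
  end
end

# Constructed sample audits (hypothetical attribute names and values).
UPDATE_AUDIT = {
  'login'         => %w[admin root],
  'password_hash' => ['$2a$old-hash', '$2a$new-hash']
}.freeze
CREATE_AUDIT = { name: 'ec2-image', password: 'hunter2' }.freeze

if __FILE__ == $PROGRAM_NAME
  p redact_changes(UPDATE_AUDIT, [:password_hash])
  p redact_changes(CREATE_AUDIT, %w[password])
end
```

Redaction has to happen before the audit record is serialized and saved; filtering only at display time leaves the secret in the audits table.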


Related issues

Related to Foreman - Bug #19169: CVE-2017-2672 - audit trail leaks sensitive data for Image events (Closed, 2017-04-04)
Related to Foreman - Bug #16850: Password change activity does not show in Audit log (Closed, 2016-10-10)
Related to Foreman - Refactor #21920: Refactor password auditing (Closed, 2017-12-10)

History

#1 Updated by Tomer Brisker over 1 year ago

  • Related to Bug #19169: CVE-2017-2672 - audit trail leaks sensitive data for Image events added

#2 Updated by Tomer Brisker over 1 year ago

  • Related to Bug #16850: Password change activity does not show in Audit log added

#3 Updated by Tomer Brisker about 1 year ago
