
openGauss / openGauss-server


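[Business scope: open source] [Test type: SQL functionality] [Test activity: community] [Test version: 2.0.0] [Feature name: documentation description] [Environment: bare metal] With unified auditing, when the operation is update or delete, the "access type" recorded in the audit log is select; when the operation is insert, there is no record in the audit log;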

Canceled
Bug
Opened this issue  
2021-09-15 18:10

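[Title description]:
With unified auditing, when the operation is update or delete, the "access type" recorded in the audit log is select; when the operation is insert, there is no record in the audit log;
[Test type: SQL functionality/storage functionality/interface functionality/tool functionality/performance/concurrency/stress and long-term stability/fault injection/security/documentation/coding standards] [Test version: 2.0.0] Problem description

[Operating system and hardware information] (query commands: cat /etc/system-release, uname -a):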
CentOS Linux release 7.6.1810 (Core)
Linux ctupopenga00019 3.10.0-957.el7.x86_64 #1 SMP Thu Nov 8 23:39:32 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
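[Test environment] (single node / 1 primary, x standbys, x cascaded standbys):
One primary, three standbys
[Function under test]:
Unified auditing
[Test type]:
Functional test
[Database version] (query command: gaussdb -V):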
gaussdb (openGauss 2.0.0 build 3386e30c) compiled at 2021-09-10 20:04:25 commit 0 last mr
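[Preconditions]:
1. The database status is normal
2. Turn on the audit switch: enable_security_policy=on
3. Turn on auditing of INSERT operations: audit_dml_state=1
4. Configure log archiving: in the /etc/rsyslog.conf file, configure local0.* /var/log/postgresql (check that the value of syslog_facility is also local0; the two must match), then restart the service: service rsyslog restart
[Steps] (please fill in detailed steps):
1. The system administrator user creates two users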
create user user001 password '$password';
create user user002 password '$password';
2. The system administrator user creates a table and grants privileges to the users
create table table_security_auditing(id int,name char(10));
insert into table_security_auditing values(1,'lILI');
insert into table_security_auditing values(2,'lucy');
grant all privileges on table_security_auditing to user001;
grant all privileges on table_security_auditing to user002;
3. The system administrator user creates a resource label
DROP RESOURCE LABEL IF EXISTS rl_security_auditing;
CREATE RESOURCE LABEL rl_security_auditing ADD TABLE(table_security_auditing);
4. The system administrator user creates a unified audit policy, filtering on user 1
DROP AUDIT POLICY IF EXISTS select_security_auditing;
CREATE AUDIT POLICY select_security_auditing ACCESS UPDATE, DELETE, INSERT ON LABEL(rl_security_auditing) FILTER ON ROLES(user001);
5. User user001 logs in to the database and executes the update statement
update table_security_auditing set name='modify' where id=1;
insert into table_security_auditing values(3,'Bob');
delete from table_security_auditing where id=3;
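6. Check whether user001's operations were audited in the /var/log/postgresql log

[Expected output]:
1. The users are created successfully
2. The table is created successfully and the privileges are granted
3. Created successfully
4. Created successfully
5. Executed successfully
6. The log shows that user001's UPDATE, DELETE and INSERT operations were audited
[Actual output]:
6. When the update and delete statements are executed, the "access type" recorded in the audit log is select in both cases; when the insert statement is executed, there is no record in the audit log;
[Cause analysis]:

  1. Root cause of this problem
  2. How the problem was deduced
  3. What other causes could produce a similar symptom
  4. Whether there is a temporary workaround for this problem
  5. Solution to the problem
  6. Estimated time to fix the problem

[Log information] (please attach log files, screenshots, coredump information):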


[Test code]:

Comments (1)

wan005 created the defect
wan005 set related repository to openGauss/openGauss-server

Hey @wan005 , Welcome to openGauss Community.
All of the projects in openGauss Community are maintained by @opengauss-bot .
That means the developers can comment below every pull request or issue to trigger Bot Commands.
Please follow instructions at https://gitee.com/opengauss/community/blob/master/contributors/command.en.md to find the details.

wan005 added kind/bug label
wan005 set priority to Main
wan005 set assignee to 薛蒙恩
wan005 changed description
wan005 changed issue state from To Do to Canceled
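
One way to automate the check in step 6 of the issue above, as an added example that is not part of the original issue or of the openGauss project: it compares the statements user001 ran with the "access type" values found in the audit log for the labelled table. The `key: [value]` record layout, the field names `user name` and `table`, and the sample lines are constructed assumptions (the issue's log screenshot is not available), so adapt the pattern to the real log.

```python
import re
from collections import Counter

# Assumption: each audit record carries comma-separated "key: [value]" pairs,
# including "user name", "access type" and "table". Adapt FIELD to the real log.
FIELD = re.compile(r"([A-Za-z_ ]+?):\s*\[([^\]]*)\]")

# Constructed sample reproducing the reported symptom (not real openGauss output):
# UPDATE and DELETE appear as SELECT and INSERT is absent. A user002 record and a
# non-audit line are included to exercise the filtering.
SAMPLE_LOG = [
    "gaussdb: AUDIT EVENT: user name: [user001], access type: [SELECT], table: [table_security_auditing]",
    "gaussdb: AUDIT EVENT: user name: [user001], access type: [SELECT], table: [table_security_auditing]",
    "gaussdb: AUDIT EVENT: user name: [user002], access type: [UPDATE], table: [table_security_auditing]",
    "gaussdb: LOG: checkpoint complete",
]

def parse_record(line):
    """Return the record's fields as a dict, or None if it has no access type."""
    fields = {k.strip().lower(): v.strip() for k, v in FIELD.findall(line)}
    return fields if "access type" in fields else None

def audit_gaps(expected, log_lines, user, table):
    """Compare executed access types with audited ones for one user and table.

    Returns (missing, unexpected): Counters of access types that were run but
    not logged, and logged but never run.
    """
    seen = Counter()
    for line in log_lines:
        rec = parse_record(line)
        if rec and rec.get("user name") == user and table in rec.get("table", ""):
            seen[rec["access type"].upper()] += 1
    want = Counter(op.upper() for op in expected)
    return want - seen, seen - want

if __name__ == "__main__":
    # Statements user001 ran in step 5 of the issue.
    ran = ["UPDATE", "INSERT", "DELETE"]
    missing, unexpected = audit_gaps(ran, SAMPLE_LOG, "user001", "table_security_auditing")
    print("run but not audited:", dict(missing))
    print("audited but not run:", dict(unexpected))
```

Both counters are empty when every statement is audited under its own access type, so the function can serve as a regression check once the log pattern matches the deployment.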
