Commons - Audit / CAUD-394

CSV audit handler tamper-evident verification command does not detect modifications

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Not a defect
    • Affects Version/s: 21.0.0
    • Fix Version/s: None
    • Environment: CentOS 6, Java 8, IDM 5.0.0-RC2 with MySQL as repo
    • Story Points: 3
    • Sprint: OpenIDM Sprint 72

      Description

      After configuring the CSV audit event handler feature with tamper protection, the tamper detection command doesn't give any meaningful output after audit files are modified.

      java -cp "bundle/joda-time-2.9.4.jar:bundle/forgerock-audit-handler-csv-21.0.0-RC3.jar" org.forgerock.audit.handlers.csv.CsvSecureArchiveVerifierCli --archive ../csv_logs/ --topic access --keystore security/keystore.jceks --password changeit
      SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
      SLF4J: Defaulting to no-operation (NOP) logger implementation
      SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
      

      Note:
      Due to CAUD-393, I used this command instead of the command in CAUD-393 for the testing. I got it from Jason Lemay.

      To reproduce:
      1. Unzip and start up openidm.
      2. Create a directory for CSV audit logs (csv_logs).
      3. Do the necessary configuration to enable the CSV audit event handler with tamper protection through the IDM admin UI; audit.json is attached.
      4. Generate some access audit logs by running the command:

       curl --header "X-OpenIDM-Password: openidm-admin" --header "X-OpenIDM-Username: openidm-admin" --request GET "http://10.0.32.38:8080/openidm/managed/user?_queryId=query-all-ids" | python -mjson.tool

      4, under openidm folder, run the command

      5. Modify some entry in tamper-evident-access.csv.
      6. Run the command:

      java -cp "bundle/joda-time-2.9.4.jar:bundle/forgerock-audit-handler-csv-21.0.0-RC3.jar" org.forgerock.audit.handlers.csv.CsvSecureArchiveVerifierCli --archive ../csv_logs/ --topic access --keystore security/keystore.jceks --password changeit
      

      Observe that the command doesn't detect changes in the audit file.

              People

              • Assignee: Jason Lemay
              • Reporter: Tinghua.Xu