Diff for "LEP/AuditTrail"

Differences between revisions 2 and 3
Revision 2 as of 2010-05-13 16:57:57
Size: 2582
Editor: jml
Comment:
Revision 3 as of 2010-05-13 16:59:46
Size: 2642
Editor: jml
Comment:
Line 24: Line 24:
 * Must be able to give who has accessed a single resource
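Review bot: the added constraint "Must be able to give who has accessed a single resource" overlaps the existing first constraint, "Someone needs to be able to see who has accessed a given thing"; either merge the two or reword the new bullet so it says what it adds.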

Audit trail

Audit trail for private resources.

As an administrator
I want to be able to see who has accessed private data
so that I can be sure that only authorized people have seen that data

Rationale

Part of being serious about security is understanding that sometimes mistakes will happen, and we need to do whatever we can to limit the damage of these mistakes. If ever we suspect someone of gaining access to a restricted resource, we need to determine how much the confidentiality and integrity of this resource have been compromised. A key first step is to see who has read from and who has written to the resource.

Stakeholders

  • ???

Constraints

  • Someone needs to be able to see who has accessed a given thing
  • Must be able to get this log in a time of panic
  • Does not have to be on the web UI
  • Must be restricted to administrators and owners of private resources
  • Must function for resources that have been or currently are public
  • Must be able to give who has accessed a single resource
  • Must not be restricted to web application access, must include
    • web service / API
    • librarian access
    • codehosting
      • SSH server
      • Loggerhead
      • Web access
      • Anonymous smart server
    • PPAs
    • and access to anything in the web application
  • Must not be a Big Brother spying on people thing

Subfeatures

This is a sub-feature of LEP/PermissionsAndNotifications

Workflows

A branch containing proprietary code has been accidentally marked as public. The owner of the branch contacts us through email or IRC and asks us to make sure the branch is private and see if anyone has looked at the branch. Someone from Canonical (a LOSA?) performs an action (visits a web page? runs a script?) that gets a log of all the times when someone has accessed that branch. The log includes who accessed it (where known), how (read or write), when (timestamp) and from where (IP address) over the time period requested by the Canonical operator.

The operator examines the log and reports back to the owner of the branch if any unauthorized or suspicious-looking activity occurred in the requested time frame.
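
The per-resource query this workflow calls for, as an added example that is not Launchpad code: it assumes access from every channel has already been collected into one hypothetical `AccessEvent` record, and the names, branch and addresses in the sample data are constructed.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass(frozen=True)
class AccessEvent:          # hypothetical unified record, one per access
    when: datetime
    resource: str           # e.g. a branch name
    channel: str            # web, api, ssh, loggerhead, smart-server, ...
    mode: str               # "read" or "write"
    who: Optional[str]      # None when the accessor is not known (anonymous)
    ip: str

def audit_trail(events, resource, start, end):
    """Every access to one resource in [start, end], oldest first, all channels."""
    hits = [e for e in events if e.resource == resource and start <= e.when <= end]
    return sorted(hits, key=lambda e: e.when)

def is_suspicious(event, authorized):
    """Anonymous access, or access by someone outside the authorized set."""
    return event.who is None or event.who not in authorized

def format_report(trail, authorized):
    """One line per access: when, who, how, channel, from where, with a flag."""
    return [
        f"{e.when.isoformat()} {e.who or '<anonymous>'} {e.mode} via {e.channel} "
        f"from {e.ip}{'  <-- REVIEW' if is_suspicious(e, authorized) else ''}"
        for e in trail
    ]

# Constructed sample data: names, branch and addresses are made up.
BRANCH = "~acme/widget/trunk"
EVENTS = [
    AccessEvent(datetime(2010, 5, 12, 9, 0), BRANCH, "ssh", "write", "alice", "192.0.2.10"),
    AccessEvent(datetime(2010, 5, 13, 14, 5), BRANCH, "smart-server", "read", None, "203.0.113.7"),
    AccessEvent(datetime(2010, 5, 13, 11, 30), BRANCH, "loggerhead", "read", "mallory", "198.51.100.23"),
    AccessEvent(datetime(2010, 5, 13, 12, 0), "~acme/other/trunk", "api", "read", "bob", "192.0.2.11"),
    AccessEvent(datetime(2010, 5, 20, 8, 0), BRANCH, "web", "read", "alice", "192.0.2.10"),
]

if __name__ == "__main__":
    trail = audit_trail(EVENTS, BRANCH, datetime(2010, 5, 12), datetime(2010, 5, 14))
    print("\n".join(format_report(trail, authorized={"alice"})))
```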

Success

When we can get access logs on any resource in Launchpad without having to think hard about how to do it. The tough ones will be branches (many methods of access) and projects (so much associated with them).

Thoughts?

  • flacoste & jml think that the best solution is an admin script.

LEP/AuditTrail (last edited 2011-05-19 04:25:30 by lifeless)