    Description

      Hi,

      As Lustre Changelogs are a centralized mechanism reporting activity on the file system, we would like to use it as a basis for an audit facility for Lustre. The aim is to be able to track all accesses to files residing on Lustre, so that they can be recorded and looked up later for auditing purposes.

      Changelogs cannot be used as-is to achieve auditing, because of the following limitations we have identified so far:
      (a) uid/gid information is not recorded;
      (b) OPEN and GETXATTR operations are not recorded;
      (c) CLOSE operations are not recorded if the file is opened in READ_ONLY mode;
      (d) Changelogs only record successful operations, not attempts.

      Further comments on limitations:
      (a) LU-1996 (https://review.whamcloud.com/4060) added support for jobid in Changelogs. If jobid is set to procname_uid, Changelogs will contain procname.uid information. So this could be used to know which user is doing the access. But jobid can be used for another purpose than audit, so we cannot always rely on it. We should create a new changelog extension similar to changelog_ext_jobid, that would hold uid/gid information.

      (b) and (c) We do understand that it would have a performance cost to record OPEN and GETXATTR operations, as it would mean generating a write in the Changelogs for a read operation. Similarly for a CLOSE when a file is opened read-only. We will have to exclude OPEN and GETXATTR from the default Changelogs mask, and potentially create a dedicated changelogs entry type for the 'close on read-only' case, excluded by default. Moreover, we will evaluate the performance cost when these operations are recorded.

      (d) Having all access attempts recorded will definitely increase MDS/MDT load, so we should examine carefully the performance impact of doing this. We would warn users about how much they would suffer by recording all access attempts.

      I will feed this ticket by pushing patches to address the various limitations identified here (and possibly others to come).

      Sebastien.
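As an added example (not code from this ticket or from the Lustre project), the following Python script shows how an audit consumer would handle changelog records given limitation (a) above: it prefers an explicit uid/gid field when one is present, falls back to the `procname.uid` form that a `procname_uid` jobid provides, and flags records that cannot be attributed to any user. It also restricts the report to the access events the ticket cares about (OPEN, GETXATTR, CLOSE). The line layout, the `u=`, `j=`, `nid=`, `t=` and `p=` field names, the two-digit numeric type prefix and the `GXATR` abbreviation are assumptions about `lfs changelog` output and should be checked against the installed version; the sample records are constructed.

```python
"""Added example: turn Lustre changelog lines into an access audit trail.

Not code from LU-9727 or the Lustre project. Assumes the general shape of
'lfs changelog' output: index, NNTYPE, time, date, flags, key=value fields
(t=, j=, u=, nid=, p=), then the file name. Verify against your lfs version.
"""
import re
from collections import defaultdict

# Access events relevant to auditing (the OPEN/GETXATTR/CLOSE gaps the ticket
# discusses). 'GXATR' is an assumed abbreviation lfs may print for GETXATTR.
AUDIT_EVENT_NAMES = {"OPEN": "OPEN", "CLOSE": "CLOSE",
                     "GETXATTR": "GETXATTR", "GXATR": "GETXATTR"}

# A jobid produced by the procname_uid scheme looks like "procname.uid".
PROCNAME_UID_RE = re.compile(r"^(?P<proc>.+)\.(?P<uid>\d+)$")
# Type token: two-digit numeric code followed by the event name (assumed layout).
TYPE_RE = re.compile(r"^(?P<num>\d{2})(?P<name>[A-Z_]+)$")

# Constructed sample records (not real output). Records 4 and 5 deliberately
# lack the u= field to exercise the uid/gid fallback logic.
SAMPLE_CHANGELOG = """\
1 01CREAT 10:57:33.902926878 2024.03.01 0x0 t=[0x200000402:0x1:0x0] j=touch.1001 u=1001:1001 nid=10.0.2.15@tcp p=[0x200000007:0x1:0x0] secrets.txt
2 10OPEN 10:57:40.000000000 2024.03.01 0x0 t=[0x200000402:0x1:0x0] j=cat.1002 u=1002:1002 nid=10.0.2.16@tcp p=[0x200000007:0x1:0x0] secrets.txt
3 11CLOSE 10:57:41.000000000 2024.03.01 0x0 t=[0x200000402:0x1:0x0] j=cat.1002 u=1002:1002 nid=10.0.2.16@tcp p=[0x200000007:0x1:0x0] secrets.txt
4 23GXATR 10:58:02.000000000 2024.03.01 0x0 t=[0x200000402:0x1:0x0] j=getfattr.1003 nid=10.0.2.17@tcp p=[0x200000007:0x1:0x0] secrets.txt
5 10OPEN 10:59:10.000000000 2024.03.01 0x0 t=[0x200000402:0x2:0x0] j=scheduler_job_42 nid=10.0.2.18@tcp p=[0x200000007:0x1:0x0] notes.md
"""


def parse_record(line):
    """Split one changelog line into positional fields plus a key=value dict."""
    tokens = line.split()
    if len(tokens) < 5:
        raise ValueError("not a changelog record: %r" % line)
    m = TYPE_RE.match(tokens[1])
    if not m:
        raise ValueError("unexpected type token: %r" % tokens[1])
    rec = {"index": int(tokens[0]), "type": m.group("name"),
           "time": tokens[2], "date": tokens[3], "flags": tokens[4],
           "fields": {}, "name": None}
    for tok in tokens[5:]:
        key, sep, value = tok.partition("=")
        if sep:
            rec["fields"][key] = value
        else:
            rec["name"] = tok  # the trailing token without '=' is the file name
    return rec


def resolve_actor(rec):
    """Return (source, uid, gid). Prefer the u= field; otherwise fall back to a
    procname_uid-style jobid, which yields a uid but no gid."""
    fields = rec["fields"]
    if "u" in fields and ":" in fields["u"]:
        uid, gid = fields["u"].split(":", 1)
        return ("uid_gid", uid, gid)
    m = PROCNAME_UID_RE.match(fields.get("j", ""))
    if m:
        return ("jobid", m.group("uid"), None)
    return ("unknown", None, None)


def audit_report(text):
    """Group audit-relevant events by uid and collect records that could not be
    attributed to any user (the gap limitation (a) describes)."""
    per_uid = defaultdict(list)
    unattributed = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        event = AUDIT_EVENT_NAMES.get(rec["type"])
        if event is None:
            continue  # not one of the access events being audited
        source, uid, _gid = resolve_actor(rec)
        entry = {"index": rec["index"], "event": event, "name": rec["name"],
                 "nid": rec["fields"].get("nid"), "source": source}
        if uid is None:
            unattributed.append(entry)
        else:
            per_uid[uid].append(entry)
    return {"per_uid": dict(per_uid), "unattributed": unattributed}


if __name__ == "__main__":
    report = audit_report(SAMPLE_CHANGELOG)
    for uid, entries in sorted(report["per_uid"].items()):
        for e in entries:
            print("uid=%s %-8s %s from %s (via %s)"
                  % (uid, e["event"], e["name"], e["nid"], e["source"]))
    for e in report["unattributed"]:
        print("UNATTRIBUTED record %d: %s %s from %s"
              % (e["index"], e["event"], e["name"], e["nid"]))
```

The `source` field in each report entry records how the actor was identified, so a reviewer can tell a uid taken from a dedicated uid/gid field apart from one inferred from a jobid string, which, as the description notes, may be set for purposes other than audit and is therefore weaker evidence.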

          Activity

            [LU-9727] Lustre Audit with Changelogs

            Oleg Drokin (oleg.drokin@intel.com) merged in patch https://review.whamcloud.com/30315/
            Subject: LU-9727 utils: make llog_reader decode changelog fields
            Project: fs/lustre-release
            Branch: master
            Current Patch Set:
            Commit: 8811869b1e88175d2ea6ead64f7c584b97db98bd

            Oleg Drokin (oleg.drokin@intel.com) merged in patch https://review.whamcloud.com/28812/
            Subject: LU-9727 lustre: record denied OPEN in Changelogs
            Project: fs/lustre-release
            Branch: master
            Current Patch Set:
            Commit: ccb6fe4b5994c0b8e8890265acfa78e865592431

            Oleg Drokin (oleg.drokin@intel.com) merged in patch https://review.whamcloud.com/28299/
            Subject: LU-9727 lustre: limit OPEN and CLOSE rates in Changelogs
            Project: fs/lustre-release
            Branch: master
            Current Patch Set:
            Commit: b45f8364a307d1b13ebaf5dc59da33bddde92769

            Oleg Drokin (oleg.drokin@intel.com) merged in patch https://review.whamcloud.com/28251/
            Subject: LU-9727 lustre: add CL_GETXATTR for Changelogs
            Project: fs/lustre-release
            Branch: master
            Current Patch Set:
            Commit: c722371c18809aaa1de36e5cb61a54de947611b4

            Oleg Drokin (oleg.drokin@intel.com) merged in patch https://review.whamcloud.com/28313/
            Subject: LU-9727 nodemap: add audit_mode flag to nodemap
            Project: fs/lustre-release
            Branch: master
            Current Patch Set:
            Commit: 942a9853f7b4c6fe22729468f1802ab782087e4e

            Oleg Drokin (oleg.drokin@intel.com) merged in patch https://review.whamcloud.com/27929/
            Subject: LU-9727 lustre: record CLOSE if OPEN was recorded
            Project: fs/lustre-release
            Branch: master
            Current Patch Set:
            Commit: afef52b9f2b5cb3af735d698883951fdd129af20

            Oleg Drokin (oleg.drokin@intel.com) merged in patch https://review.whamcloud.com/28214/
            Subject: LU-9727 lustre: implement CL_OPEN for Changelogs
            Project: fs/lustre-release
            Branch: master
            Current Patch Set:
            Commit: 21fb4d93a94ef3876051fed31c5ef0c33f484f9d

            Oleg Drokin (oleg.drokin@intel.com) merged in patch https://review.whamcloud.com/28213/
            Subject: LU-9727 lustre: add client NID to Changelogs entries
            Project: fs/lustre-release
            Branch: master
            Current Patch Set:
            Commit: d2629cfcabfa3a22ddf4a6c474364d0012d80390

            Olaf Weber (Inactive) added a comment - edited

            I just noticed that the cr_prev field in changelog_rec is not used. Not used as in never set in the kernel.

            In principle this means we could drop the changelog_ext_extra_flags extension and use that field (renamed) instead. Same as now the CLF_EXTRA_FLAGS flag would indicate that the contents of the field are valid and can be interpreted. It does appear we cannot assume the field is zeroed.

            (Added) If we want to make this change it should be before a Lustre version with CLF_EXTRA_FLAGS in it ships.

            Sebastien Buisson (sbuisson@ddn.com) uploaded a new patch: https://review.whamcloud.com/30985
            Subject: LU-9727 tests: adjust module load ordering
            Project: fs/lustre-release
            Branch: master
            Current Patch Set: 1
            Commit: d0bdc1be41e554c99dd95f9cd0c46ce059d3f3a0

            Sebastien Buisson (sbuisson@ddn.com) uploaded a new patch: https://review.whamcloud.com/30970
            Subject: LU-9727 doc: update llog_reader man page for Changelogs
            Project: fs/lustre-release
            Branch: master
            Current Patch Set: 1
            Commit: ce391d8c8a550826f84f23e1357ba27a3f493047