
yahoo-eng-team team mailing list archive

[Bug 1628627] Re: In FWaaS, when someone makes a change to a firewall rule we know, Who, What, When, and Where


Closing as all patches have been abandoned and there is no clear way
forward. Please re-open if anyone intends to work on it.

** Changed in: neutron
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1628627

Title:
  In FWaaS, when someone makes a change to a firewall rule we know, Who,
  What, When, and Where

Status in neutron:
  Won't Fix

Bug description:
  In the FWaaS service, create the ability for administrators to engage
  an 'audit trail' feature.  The audit trail would notate every change
  to firewalls that causes a security change.  The output would be to
  the notification queue.

  Audit notations should contain all information necessary to process
  them.  For example, an audit notation that says "user abcde1234
  permitted port 22 traffic from firewall group A to firewall group B"
  is not enough information.  In order to determine what needs to be
  scanned, the consumer of the audit would need to subsequently query
  FWaaS to determine the membership of the 2 firewall groups cited.
  Notations should carry enough information so that no subsequent
  querying is required for processing.

  The notification should encompass all of:

  - Who: Identity of the user initiating the change.
  - What: The information on what was changed.  Should include port information, whether access was permitted or disallowed, etc.
  - Where: A list of all affected ports/IP addresses/instances, grouped by connection origin/destination.  This could be abbreviated to indicate an entire tenant if that is the target.
  - When: Timestamp indicating when the change was initiated.

  Use case: This would allow a customer's security group to subscribe to
  a collated feed of all security events in order to detect those events
  that should trigger an audit or vulnerability scan.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1628627/+subscriptions
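The following is an added example, not code from the bug report or from neutron-fwaas, showing what a self-contained Who/What/Where/When notation as requested above could look like: group membership is resolved when the event is emitted, so a consumer deciding whether to trigger a scan never has to query FWaaS. The group membership table, the queue list and the `tenant:<id>` abbreviation are all constructed assumptions.

```python
from datetime import datetime, timezone

# Constructed sample data (not real FWaaS state): group -> (port_id, ip, instance)
GROUP_MEMBERS = {
    "group-A": [("port-1", "10.0.0.5", "vm-web-1"), ("port-2", "10.0.0.6", "vm-web-2")],
    "group-B": [("port-7", "10.0.1.9", "vm-db-1")],
}
NOTIFICATION_QUEUE = []  # stands in for the notification queue named in the bug


def resolve_target(target):
    """Expand a rule target into the affected endpoints.

    A target of the constructed form 'tenant:<id>' is abbreviated to the whole
    tenant, as the bug allows; any other target is a firewall group whose
    members are listed in full so no follow-up membership query is needed.
    """
    if target.startswith("tenant:"):
        return {"tenant": target.split(":", 1)[1]}
    members = GROUP_MEMBERS.get(target)
    if members is None:
        raise KeyError(f"unknown firewall group {target!r}")
    return {
        "group": target,
        "endpoints": [{"port_id": p, "ip": ip, "instance": vm} for p, ip, vm in members],
    }


def emit_audit(user_id, action, protocol, port, src, dst, when=None):
    """Build the Who/What/Where/When notation and publish it to the queue."""
    event = {
        "who": {"user_id": user_id},
        "what": {"action": action, "protocol": protocol, "port": port},
        "where": {"source": resolve_target(src), "destination": resolve_target(dst)},
        "when": (when or datetime.now(timezone.utc)).isoformat(),
    }
    NOTIFICATION_QUEUE.append(event)
    return event


def should_trigger_scan(event):
    """Consumer-side rule: only newly permitted access warrants a vulnerability scan."""
    return event["what"]["action"] == "allow"


def scan_targets(event):
    """Destination IPs a scanner would examine, read straight from the event."""
    dst = event["where"]["destination"]
    return [e["ip"] for e in dst.get("endpoints", [])]
```

A consumer subscribed to the queue can therefore act on each event alone: `scan_targets` yields the hosts to scan and `should_trigger_scan` filters out changes that only tighten access.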
