Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-18984

Feature Request: Audit Plugin should send SIGABRT when unable to log.

    Details

    • Type: Task
    • Status: Open (View Workflow)
    • Priority: Minor
    • Resolution: Unresolved
    • Fix Version/s: None
    • Component/s: Plugin - Audit
    • Labels:
      None

      Description

      The Department of Defense's Unified Compliance Framework contains a series of database security requirements. When inquiring about MariaDB, potential clients from branches of the US Armed Forces for example, require that their databases meet some of these specifications.

      One requirement which we do not currently meet is that "The DBMS must by default shut down upon audit failure, to include the unavailability of space for more audit log records; or must be configurable to shut down upon audit failure.", located here.

      Current behavior in MariaDB when writing to the log fails due to permission, space, or availability reasons, silently turns the plugin off. Adding a configuration variable such as server_audit_log_mandatory, default 0, could generate a SIGABRT instead of failing silently when the log becomes inaccessible.

      This would retain the current behavior for preexisting users, while enabling security-sensitive customers to configure their servers to halt in the event of any problems writing to the log.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              juan.vera Juan
            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated: