Thursday, November 24, 2016

MongoDB - Change audit filters to audit specific user and DML auditing



# Create one data directory per replica-set member for the audit test
# (auditing a specific user through an audit filter)
# hostname: database.dbaglobe.com
# These directories will hold both the database files and the audit logs.
mkdir -p /home/donghua/LAB7/r0 /home/donghua/LAB7/r1 /home/donghua/LAB7/r2

# Prepare configuration file: /home/donghua/LAB7/r0/mongod.conf
# net.bindIp is not set; MongoDB releases before 3.6 then listen on all
# interfaces (the version is not stated on this page), so keep the lab host
# firewalled while access control is still off.
net:
  port: 22700
storage:
  dbPath: /home/donghua/LAB7/r0
systemLog:
  destination: file
  path: /home/donghua/LAB7/r0/mongo.log
  logAppend: true
processManagement:
  fork: true
replication:
  replSetName: AuditTest
# Access control stays commented out for the first start so the user can be
# created; uncomment it before the restart. Replica-set members then also need
# internal authentication (security.keyFile or x.509).
# security:
#   authorization: enabled
auditLog:
  destination: file
  format: JSON
  path: /home/donghua/LAB7/r0/auditLog.json
  # Only events whose users array holds this user/db pair are written; activity
  # by other accounts, or on connections that have not authenticated (empty
  # users array), is not matched and so is not recorded.
  filter: '{ users: { user: "superuser", db: "admin" } }'
# Also audit successful authorization checks (atype authCheck); this is what
# captures DML. It costs more performance than auditing failures only.
setParameter:
  auditAuthorizationSuccess: true

# Prepare configuration file: /home/donghua/LAB7/r1/mongod.conf
# net.bindIp is not set; MongoDB releases before 3.6 then listen on all
# interfaces (the version is not stated on this page), so keep the lab host
# firewalled while access control is still off.
net:
  port: 22701
storage:
  dbPath: /home/donghua/LAB7/r1
systemLog:
  destination: file
  path: /home/donghua/LAB7/r1/mongo.log
  logAppend: true
processManagement:
  fork: true
replication:
  replSetName: AuditTest
# Access control stays commented out for the first start; uncomment it before
# the restart. Replica-set members then also need internal authentication
# (security.keyFile or x.509).
# security:
#   authorization: enabled
auditLog:
  destination: file
  format: JSON
  path: /home/donghua/LAB7/r1/auditLog.json
  # Same filter on every member: only events whose users array holds this
  # user/db pair are written; everything else is left out of the audit log.
  filter: '{ users: { user: "superuser", db: "admin" } }'
# Also audit successful authorization checks (atype authCheck); this is what
# captures DML. It costs more performance than auditing failures only.
setParameter:
  auditAuthorizationSuccess: true

# Prepare configuration file: /home/donghua/LAB7/r2/mongod.conf
# net.bindIp is not set; MongoDB releases before 3.6 then listen on all
# interfaces (the version is not stated on this page), so keep the lab host
# firewalled while access control is still off.
net:
  port: 22702
storage:
  dbPath: /home/donghua/LAB7/r2
systemLog:
  destination: file
  path: /home/donghua/LAB7/r2/mongo.log
  logAppend: true
processManagement:
  fork: true
replication:
  replSetName: AuditTest
# Access control stays commented out for the first start; uncomment it before
# the restart. Replica-set members then also need internal authentication
# (security.keyFile or x.509).
# security:
#   authorization: enabled
auditLog:
  destination: file
  format: JSON
  path: /home/donghua/LAB7/r2/auditLog.json
  # Same filter on every member: only events whose users array holds this
  # user/db pair are written; everything else is left out of the audit log.
  filter: '{ users: { user: "superuser", db: "admin" } }'
# Also audit successful authorization checks (atype authCheck); this is what
# captures DML. It costs more performance than auditing failures only.
setParameter:
  auditAuthorizationSuccess: true
  
# Start the three replica-set members; each config writes its audit log as JSON
for member in r0 r1 r2; do
  mongod --config "/home/donghua/LAB7/${member}/mongod.conf"
done

# Initiate the AuditTest replica set through the member on port 22700, then
# check its status. Authorization is still disabled at this point, so these
# commands run without credentials.
mongo --port 22700 --eval "rs.initiate({_id: 'AuditTest',members: [{ _id: 1, host: 'database.dbaglobe.com:22700' },{ _id: 2, host: 'database.dbaglobe.com:22701' },{ _id: 3, host: 'database.dbaglobe.com:22702' }]})"
mongo --port 22700 --eval "rs.status()"

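# Create the application-specific user that the audit filter matches
# (granted the root role on admin here; "secret" is a lab-only placeholder password)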
MongoDB Enterprise AuditTest:PRIMARY> use admin
MongoDB Enterprise AuditTest:PRIMARY> db.createUser( {user: "superuser", pwd: "secret", roles:[{role:'root',db:'admin'}]});

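# Shut down, enable security.authorization in each mongod.conf,
# and restart MongoDB
# (with a replica set, access control also requires internal member
# authentication, e.g. security.keyFile, or the members cannot talk to each other)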

# Stop all three members, then delete the lab tree.
# The rm also removes every auditLog.json, so copy the audit logs elsewhere
# first if they still need to be reviewed.
for member in r0 r1 r2; do
  mongod --dbpath "/home/donghua/LAB7/${member}" --shutdown
done
rm -rf /home/donghua/LAB7