MDEV-33834 Add TLS version to audit plugin available variables #3175
Conversation
|
|
Chupsy
force-pushed
the
auth-audit-plugin-enhancement
branch
2 times, most recently
from
cd78bd7
to
c13da4e
Compare
Chupsy
force-pushed
the
auth-audit-plugin-enhancement
branch
3 times, most recently
from
6081e75
to
833b83a
Compare
Chupsy
force-pushed
the
auth-audit-plugin-enhancement
branch
from
833b83a
to
453312b
Compare
LinuxJedi
changed the title
|
Requested changes have been made. The MDEV is assigned to @holyfoot to review, so I have assigned here too. |
…iables Add tls_version and tls_version_length variables to the audit plugin so they can be logged. This is useful to help identify suspicious or malformed connections attempting to use unsupported TLS versions. A log with this information will allow to detect and block more malicious connection attempts. Users with 'server_audit_events' empty will have these two new variables automatically visible in their logs, but if users don't want them, they can always configure what fields to include by listing the fields in 'server_audit_events'. All new code of the whole pull request, including one or several files that are either new files or modified ones, are contributed under the BSD-new license. I am contributing on behalf of my employer Amazon Web Services, Inc.
LinuxJedi
force-pushed
the
auth-audit-plugin-enhancement
branch
from
453312b
to
cf3265c
Compare
|
@LinuxJedi not sure I understand the changes that you have made to the PR, maybe another commit or modifying current commit message could help ? |
|
Are you sure it's 10.6 and not 11.6 ? |
I did an automatic rebase onto the top of the branch. I have not altered the code. I also added the MDEV to the title of the PR, as this makes things much easier for us. And yes, @vuvova would have meant 11.6. |
vuvova
changed the title
|
Hello @LinuxJedi @vuvova, any update on the validation of this PR ? Do you need me to do some modifications ? |
|
To repeat, what I wrote above (with a
So, if nothing happens now — it's normal, the PR is not forgotten, please, wait until May-June |
MDEV: https://jira.mariadb.org/browse/MDEV-33834
Description
Add tls_version and tls_version_length variables to the audit plugin so they can be logged. This is useful to help identify suspicious or malformed connections attempting to use unsupported TLS versions. A log with this information will allow to detect and block more malicious connection attempts.
Users with 'server_audit_events' empty will have these two new variables automatically visible in their logs, but if users don't want them, they can always configure what fields to include by listing the fields in 'server_audit_events'.
Release Notes
None. This just adds more possibilities for users.
How can this PR be tested?
Modified the server audit plugin to include this new info, and updated the server audit plugin MTR tests.
Basing the PR against the correct MariaDB version
PR quality check
Copyright
All new code of the whole pull request, including one or several files that are either new files or modified ones, are contributed under the BSD-new license. I am contributing on behalf of my employer Amazon Web Services, Inc.