Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SONiC Security Auditing HLD #1713

Open
wants to merge 15 commits into
base: master
Choose a base branch
from
Open

SONiC Security Auditing HLD #1713

wants to merge 15 commits into from

Conversation

maipbui
Copy link
Contributor

@maipbui maipbui commented Jun 14, 2024
edited
Loading

This design aims to enhance the auditing capabilities within SONiC operating system using audit daemon (auditd). Auditing is the process of recording and analyzing the events that occur on the device. Auditing can help to detect unauthorized access, configuration changes, malicious activity, or system errors. Auditing can also provide evidence for forensic investigations, compliance audits, or incident response.

Repo PR title State
sonic-buildimage Auditd enhancement YANG models GitHub issue/pull request detail
sonic-utilities Auditd Enhancement CLI GitHub issue/pull request detail
sonic-host-services Support auditd configuration GitHub issue/pull request detail

@maipbui maipbui changed the title SONiC Audit Enhancement SONiC Audit Enhancement HLD Jun 14, 2024
@qiluo-msft qiluo-msft requested a review from liuh-80 June 14, 2024 07:03
@maipbui maipbui force-pushed the audit_enhancement branch from fabe961 to f8391bf Compare June 24, 2024 18:32
This was referenced Aug 1, 2024
Open
Open
@maipbui maipbui self-assigned this Aug 1, 2024
@maipbui maipbui mentioned this pull request Aug 2, 2024
Open
@maipbui maipbui force-pushed the audit_enhancement branch from dea4ed5 to f67c824 Compare August 12, 2024 18:25
@maipbui maipbui changed the title SONiC Audit Enhancement HLD SONiC Security Auditing HLD Aug 12, 2024
@maipbui
Add performance
727f152 
Signed-off-by: Mai Bui <[email protected]>
@zhangyanzhao
Copy link
Collaborator

community review recording https://zoom.us/rec/share/I2O2drYuFPNLFyWGPanI_rQ7qPIOkyfa9yNyJSON7BxDbKWcshSltjHwfUueU_tN.EySn3jaIk96H4zXA

maipbui added 5 commits August 19, 2024 17:16
@maipbui
Refine HLD doc
d07b151 
Signed-off-by: Mai Bui <[email protected]>
@maipbui
fix
e1afeda 
Signed-off-by: Mai Bui <[email protected]>
@maipbui
Add flow figure
b09df97 
Signed-off-by: Mai Bui <[email protected]>
@maipbui
fix
e303919 
Signed-off-by: Mai Bui <[email protected]>
@maipbui
Add Q&A, improvements
9051158 
Signed-off-by: Mai Bui <[email protected]>
@maipbui
Copy link
Contributor Author

maipbui commented Aug 22, 2024

According to Sonic team and community's feedback, addressed and added some additional topics to the HLD

  • Add Config DB improvement
  • Add YANG section
  • Add Audit rule ordering
  • Add test case for ordering of rules
  • Add test case for performance test
  • Add CPU/MEM utilization section
  • Support fine-grained control to add or remove an individual rule
  • Add Q&A, future improvements section

@dgsudharsan dgsudharsan requested a review from Yarden-Z August 22, 2024 18:36
@maipbui
address comments
af408a3 
Signed-off-by: Mai Bui <[email protected]>
xincunli-sonic
xincunli-sonic previously approved these changes Sep 13, 2024
View reviewed changes
Copy link
Contributor

@xincunli-sonic xincunli-sonic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@maipbui
change to group level
24b0e94 
Signed-off-by: Mai Bui <[email protected]>
@maipbui
add more details
30eec43 
Signed-off-by: Mai Bui <[email protected]>
qiluo-msft
qiluo-msft reviewed Sep 19, 2024
View reviewed changes
doc/audit/security_auditing_HLD.md Outdated
@@ -37,7 +37,7 @@
## List of Tables
* [Table 1: Revision](#table-1-revision)
* [Table 2: Audit Rules Review](#table-2-audit-rules-review)
* [Table 3: Unit Test Cases](#table-3-unit-test-cases)
* [Table 3: Unt Test Cases](#table-3-unit-test-cases)
Copy link
Contributor

@qiluo-msft qiluo-msft Sep 19, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

typo: Unt #Closed

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed

qiluo-msft
qiluo-msft reviewed Sep 19, 2024
View reviewed changes
doc/audit/security_auditing_HLD.md Outdated
]
}
]
"critical_files": "enabled",
Copy link
Contributor

@qiluo-msft qiluo-msft Sep 19, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For ConfigDB, the word convention is enable/disable
For StateDB, the word convention is enabled/disabled. #Closed

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed, thanks!

@maipbui
address comments
9750acb 
Signed-off-by: Mai Bui <[email protected]>
@maipbui maipbui requested review from liuh-80 and removed request for liuh-80 September 19, 2024 20:27
@maipbui
Copy link
Contributor Author

maipbui commented Sep 19, 2024
edited
Loading

@liuh-80 @Yarden-Z @xincunli-sonic @venkatmahalingam @yxieca @prsunny @lguohan @StormLiangMS could you please help review the HLD? thanks

@maipbui
Revert "address comments"
b565127 
This reverts commit 9750acb.
@maipbui
address comment
c1d2bdf 
Signed-off-by: Mai Bui <[email protected]>
qiluo-msft
qiluo-msft previously approved these changes Sep 20, 2024
View reviewed changes
xincunli-sonic
xincunli-sonic previously approved these changes Sep 20, 2024
View reviewed changes
@maipbui
modify YANG
b59f532 
Signed-off-by: Mai Bui <[email protected]>
@maipbui maipbui dismissed stale reviews from xincunli-sonic and qiluo-msft via b59f532 September 26, 2024 16:37
@zhangyanzhao
Copy link
Collaborator

@reviewers, would you please help to review this security feature? Thanks.

@maipbui
add latest changes
071be07 
Signed-off-by: Mai Bui <[email protected]>
@zhangyanzhao
Copy link
Collaborator

PRs are not merged yet, move to backlog

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@xincunli-sonic xincunli-sonic xincunli-sonic approved these changes

@qiluo-msft qiluo-msft qiluo-msft approved these changes

@saiarcot895 saiarcot895 Awaiting requested review from saiarcot895

@dgsudharsan dgsudharsan Awaiting requested review from dgsudharsan

@yxieca yxieca Awaiting requested review from yxieca

@venkatmahalingam venkatmahalingam Awaiting requested review from venkatmahalingam

@StormLiangMS StormLiangMS Awaiting requested review from StormLiangMS

@prsunny prsunny Awaiting requested review from prsunny

@lguohan lguohan Awaiting requested review from lguohan

@Yarden-Z Yarden-Z Awaiting requested review from Yarden-Z

@liuh-80 liuh-80 Awaiting requested review from liuh-80

Assignees

@maipbui maipbui

Labels
None yet
Projects
SONiC 202411 Release
Status: MovedToBacklog
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@maipbui @zhangyanzhao @qiluo-msft @xincunli-sonic