Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Increase retention of Elasticsearch domain error logs #5557

Closed
12 of 14 tasks
dsotirho-ucsc opened this issue Sep 20, 2023 · 2 comments
Closed
12 of 14 tasks

Increase retention of Elasticsearch domain error logs #5557

dsotirho-ucsc opened this issue Sep 20, 2023 · 2 comments
Assignees
@dsotirho-ucsc
Labels
- [priority] Medium bug [type] A defect preventing use of the system as specified compliance [subject] Information and software security debt [type] A defect incurring continued engineering cost demo [process] To be demonstrated at the end of the sprint demoed [process] Successfully demonstrated to team infra [subject] Project infrastructure like CI/CD, build and deployment scripts orange [process] Done by the Azul team

Comments

@dsotirho-ucsc
Copy link
Contributor

dsotirho-ucsc commented Sep 20, 2023
edited by hannes-ucsc
Loading

Increase retention of Elasticsearch domain ES_APPLICATION_LOGS type logs to 180 days.

This ticket was prompted from the review of audit log retention #5078

  • Security design review completed; the Resolution of this issue does not
    • … affect authentication; for example:
      • OAuth 2.0 with the application (API or Swagger UI)
      • Authentication of developers with Google Cloud APIs
      • Authentication of developers with AWS APIs
      • Authentication with a GitLab instance in the system
      • Password and 2FA authentication with GitHub
      • API access token authentication with GitHub
      • Authentication with
    • … affect the permissions of internal users like access to
      • Cloud resources on AWS and GCP
      • GitLab repositories, projects and groups, administration
      • an EC2 instance via SSH
      • GitHub issues, pull requests, commits, commit statuses, wikis, repositories, organizations
    • … affect the permissions of external users like access to
      • TDR snapshots
    • … affect permissions of service or bot accounts
      • Cloud resources on AWS and GCP
    • … affect audit logging in the system, like Increase retention of Elasticsearch domain error logs #5557 (comment)
      • adding, removing or changing a log message that represents an auditable event
      • changing the routing of log messages through the system
    • … affect monitoring of the system
    • … introduce a new software dependency like
      • Python packages on PYPI
      • Command-line utilities
      • Docker images
      • Terraform providers
    • … add an interface that exposes sensitive or confidential data at the security boundary
    • … affect the encryption of data at rest
    • … require persistence of sensitive or confidential data that might require encryption at rest Increase retention of Elasticsearch domain error logs #5557 (comment)
    • … require unencrypted transmission of data within the security boundary
    • … affect the network security layer; for example by
      • modifying, adding or removing firewall rules
      • modifying, adding or removing security groups
      • changing or adding a port a service, proxy or load balancer listens on
  • Documentation on any unchecked boxes is provided in comments below
@dsotirho-ucsc dsotirho-ucsc added orange [process] Done by the Azul team bug [type] A defect preventing use of the system as specified debt [type] A defect incurring continued engineering cost infra [subject] Project infrastructure like CI/CD, build and deployment scripts compliance [subject] Information and software security labels Sep 20, 2023
@dsotirho-ucsc dsotirho-ucsc self-assigned this Sep 21, 2023
dsotirho-ucsc added a commit that referenced this issue Sep 21, 2023
@dsotirho-ucsc
Increase retention of Elasticsearch domain error logs (#5557)
9022a58
@dsotirho-ucsc dsotirho-ucsc mentioned this issue Sep 21, 2023
Merged
99 tasks
@dsotirho-ucsc dsotirho-ucsc added the - [priority] Medium label Sep 21, 2023
@dsotirho-ucsc dsotirho-ucsc mentioned this issue Sep 21, 2023
Closed
dsotirho-ucsc added a commit that referenced this issue Sep 22, 2023
@dsotirho-ucsc
Increase retention of Elasticsearch domain error logs (#5557)
a3bc7c0
@hannes-ucsc
Copy link
Member

For demo, show retention in AWS console.

@hannes-ucsc hannes-ucsc added the demo [process] To be demonstrated at the end of the sprint label Sep 28, 2023
@hannes-ucsc
Copy link
Member

hannes-ucsc commented Sep 28, 2023
edited
Loading

Security review: This change increases the retention of Elasticsearch error logs to longer than what FedRAMP requires. We've determined that the resulting increase in storage volume is negligible. The logs are stored in CloudWatch will are encrypted server-side by default.

This change therefore increases our security posture.

dsotirho-ucsc added a commit that referenced this issue Sep 28, 2023
@dsotirho-ucsc
Increase retention of Elasticsearch domain error logs (#5557)
6ff761b
dsotirho-ucsc added a commit that referenced this issue Sep 29, 2023
@dsotirho-ucsc
Increase retention of Elasticsearch domain error logs (#5557, PR #5558)
81cab83
@dsotirho-ucsc dsotirho-ucsc added the demoed [process] Successfully demonstrated to team label Oct 3, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dsotirho-ucsc dsotirho-ucsc

Labels
- [priority] Medium bug [type] A defect preventing use of the system as specified compliance [subject] Information and software security debt [type] A defect incurring continued engineering cost demo [process] To be demonstrated at the end of the sprint demoed [process] Successfully demonstrated to team infra [subject] Project infrastructure like CI/CD, build and deployment scripts orange [process] Done by the Azul team
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hannes-ucsc @dsotirho-ucsc