Auditing of Operations on the Filesystem, Tables, and Streams
Provides instructions for using MapR auditing features.
This type of auditing is for operations that are managed by the mfs
service, MapR-DB, and MapR Streams. These operations take place within volumes and
have effects at the level of the MapR filesystem.
Auditing of operations on directories and files
The following operations on files and directories are audited by default and
operations with Y in the Selective Auditing Support column can be
included and/or excluded from auditing. Operations with N in the
Selective Auditing Support column are audited by default and cannot be excluded from
auditing.
| Operation | Name in Audit Logs | Directories | Files | Selective Auditing Support |
|---|---|---|---|---|
| Change group owner | CHGRP | Y | Y | Y |
| Change owner | CHOWN | Y | Y | Y |
| Change permissions | CHPERM | Y | Y | Y |
| Create | CREATE | N/A | Y | Y |
| Create symbolic link | CREATESYM | Y | Y | Y |
| Delete | DELETE | N/A | Y | Y |
| Disable auditing | DISABLEAUDIT | Y | Y | N |
| Enable auditing | ENABLEAUDIT | Y | Y | N |
| Get attributes | GETATTR | Y | Y | Y |
| Get extended attributes | GETXATTR | Y | Y | Y |
| Get the mode bits for files/directories accessed over NFS | GETPERM | Y | Y | Y |
| List extended attributes | LISTXATTR | Y | Y | Y |
| Lookup | LOOKUP | Y | Y | Y |
| Create directory | MKDIR | Y | N/A | Y |
| Read a file | READ | N/A | Y | Y |
| Read a directory | READDIR | Y | N/A | Y |
| Remove extended attributes | REMOVEXATTR | Y | Y | Y |
| Rename | RENAME | Y | Y | Y |
| Delete a directory | RMDIR | Y | N/A | Y |
| Set attributes | SETATTR | Y | Y | Y |
| Set extended attributes | SETXATTR | Y | Y | Y |
| Truncate a file | TRUNCATE | N/A | Y | Y |
| Write to a file | WRITE | N/A | Y | Y |
Auditing of operations on MapR-DB binary tables and JSON tables
The following operations on both types of MapR-DB tables are audited by default and
operations with Y in the Selective Auditing Support column can be
included and/or excluded from auditing. Operations with N in the
Selective Auditing Support column are audited by default and cannot be excluded from
auditing. Notes indictate where an operation is audited for only one type of
table.
| Operation | Name in Audit Logs | Selective Auditing Support |
|---|---|---|
| Create a column family | DB_CFCREATE | Y |
| Modify a column family | DB_CFMODIFY | Y |
| Delete a column family | DB_CFREMOVE | Y |
| Scan a column | DB_CFSCAN | Y |
| Get data | DB_GET | Y |
| Perform incremental bulk load | DB_IMPORTBUCKET | N |
| Perform full bulk load | DB_IMPORTSEGMENT | N |
| Put data | DB_PUT | Y |
| Compact a table region | DB_REGIONCOMPACT | N |
| Look up a region on the current node | DB_REGIONLOOKUP | N |
| Merge two consecutive regions | DB_REGIONMERGE | N |
| Split a region into two | DB_REGIONSPLIT | N |
| Configure a replica for a table NOTE: Audited for binary tables only. Replication of JSON tables is
not supported. |
DB_REPLICAADD | N |
| Edit the replica for a table NOTE: Audited for binary tables only. Replication of JSON tables is
not supported. |
DB_REPLICAEDIT | N |
| List the replicas for a table NOTE: Audited for binary tables only. Replication of JSON tables is
not supported. |
DB_REPLICALIST | N |
| Remove a replica for a table NOTE: Audited for binary tables only. Replication of JSON tables is
not supported. |
DB_REPLICAREMOVE | N |
| Scan a table | DB_SCAN | Y |
| Create a table | DB_TABLECREATE | Y |
| View information about a table | DB_TABLEINFO | Y |
| Modify a table | DB_TABLEMODIFY | Y |
| Add an upstream source to a replica NOTE: Audited for binary tables only. Replication of JSON tables is
not supported. |
DB_UPSTREAMADD | N |
| List all upstream sources for a replica NOTE: Audited for binary tables only. Replication of JSON tables is
not supported. |
DB_UPSTREAMLIST | N |
| Remove an upstream source for a replica NOTE: Audited for binary tables only. Replication of JSON tables is
not supported. |
DB_UPSTREAMREMOVE | N |
Auditing of operations on MapR streams
The following operations on MapR streams are audited by default and operations with
Y in the Selective Auditing Support column can be included
and/or excluded from auditing. Operations with N in the Selective
Auditing Support column are audited by default and cannot be excluded from auditing.
Notes indictate where an operation is audited for only one type of table.
| Operation | Name in Audit Logs | Selective Auditing Support |
|---|---|---|
| Modify attributes or permissions of a stream | DB_CFMODIFY | Y |
| Produce messages to topics of a stream | DB_PUT | Y |
| Add a replica | DB_REPLICAADD | N |
| Edit a replica | DB_REPLICAEDIT | N |
| List the replicas for a stream | DB_REPLICALIST | N |
| Remove a replica | DB_REPLICAREMOVE | N |
| Consume messages from topics of a stream | DB_SCAN | Y |
| Add an upstream source to a replica | DB_UPSTREAMADD | N |
| List all upstream sources for a replica | DB_UPSTREAMLIST | N |
| Remove an upstream source from a replica | DB_UPSTREAMREMOVE | N |