Project

General

Profile

Actions

Bug #15431

closed

Guard against non-audit mode on node

Added by Nicolas CHARLES over 4 years ago. Updated over 4 years ago.

Status:
Released
Priority:
N/A
Category:
Security
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
To do
Regression:

Description

We want to have a node local file that tells "this node must be on audit". Suggested file name: /opt/rudder/etc/force-audit-agent

If the policies downloaded from the server is not "audit", then stop execution and report error.

File can be set and unset with
rudder agent set-force-audit
rudder agent unset-force-audit


Subtasks 2 (0 open2 closed)

Bug #15458: Adapt techniques to stop agent if it's not in audit and the audit is enforcedReleasedAlexis MoussetActions
Bug #15459: add a rudder agent command to force/unforce audit modeReleasedAlexis MoussetActions
Actions

Also available in: Atom PDF