Feature Request
Resolution: Unresolved
2.4, 2.5
Feature Overview
Implement unique identifiers that can be used to map job template executions across both the AAP logs and the SSH logs on the managed node, so that a correct audit trail exists as required by PCI DSS 4.0, control 8.2.1:
"8.2.1.b Examine audit logs and other evidence to verify that access to system components and cardholder data can be uniquely identified and associated with individuals."
For PCI audit reasons we need audit trail per employee. The Tower connects to the endpoints with a shared secret, and employees can start the plays without personal credentials. Login to Tower itself with a personal user ID. On the RedHat endpoints, we are able via auditd to map the session to the ssh-key used by the tower to connect and log all commands executed. The Tower is logging via remote logging to a rsyslog/SIEM solution. We are not able to find a "link" from the tower log to the endpoint logs to identify who started the play on tower to have a complete audit trail.
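The gap described above (a personal user on the Tower side, a shared automation key on the endpoint side, and nothing that ties the two logs together) can be partly bridged today by correlating the two sources on host, key fingerprint and a time window, and that same exercise shows why it is not enough. The script below is an added example written for this request; it is not AAP code and not part of the feature itself. The Tower event records, the reduced auditd session records, the field names and the key fingerprints are all constructed for illustration and do not follow AAP's or auditd's real schemas. It attributes each SSH session that authenticated with the shared Tower key to the job that started against that host shortly before, and marks a session as ambiguous when two jobs by different users overlap within the window, which is exactly the case a propagated unique job identifier would resolve.

```python
"""Correlate Tower job starts with managed-node SSH sessions (added example).

Assumptions (constructed, not AAP's or auditd's real formats):
  - TOWER_EVENTS: one record per job start, with the personal user who
    launched it and the target host, as forwarded to rsyslog/SIEM.
  - NODE_SESSIONS: one record per SSH session on the endpoint, already
    reduced from auditd to session id, key fingerprint and commands run.
"""
import json
from datetime import datetime, timedelta, timezone

# Constructed fingerprint of the shared automation key the Tower uses.
TOWER_KEY_FP = "SHA256:TOWERKEY"

# Constructed Tower-side records: who launched which job against which host.
TOWER_EVENTS = [
    {"ts": "2024-05-01T10:00:00Z", "job_id": 101, "launched_by": "alice", "host": "db01"},
    {"ts": "2024-05-01T10:30:00Z", "job_id": 102, "launched_by": "bob", "host": "db01"},
    {"ts": "2024-05-01T10:30:20Z", "job_id": 103, "launched_by": "carol", "host": "db01"},
]

# Constructed endpoint-side records derived from auditd.
NODE_SESSIONS = [
    {"ts": "2024-05-01T10:00:04Z", "host": "db01", "ses": 7, "key_fp": "SHA256:TOWERKEY",
     "cmds": ["/bin/sh -c /usr/bin/python3 /home/tower/.ansible/tmp/mod.py"]},
    {"ts": "2024-05-01T10:30:25Z", "host": "db01", "ses": 8, "key_fp": "SHA256:TOWERKEY",
     "cmds": ["/bin/sh -c /usr/bin/python3 /home/tower/.ansible/tmp/mod.py"]},
    {"ts": "2024-05-01T11:00:00Z", "host": "db01", "ses": 9, "key_fp": "SHA256:ADMINKEY",
     "cmds": ["/usr/bin/vim /etc/ssh/sshd_config"]},
]


def parse_ts(value):
    """Parse the constructed ISO-8601 UTC timestamp used in both log sources."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def correlate(tower_events, node_sessions, tower_key_fp=TOWER_KEY_FP,
              window=timedelta(seconds=60)):
    """Attribute each Tower-key SSH session to the job(s) started on that host
    within `window` before the session began.

    Returns one dict per session with a status of:
      attributed - exactly one candidate job, so the launching user is known
      ambiguous  - several jobs overlap; the user cannot be determined
      unmatched  - Tower key used but no job start found in the window
      not-tower  - session used a different key, out of scope here
    """
    results = []
    for sess in node_sessions:
        entry = {"host": sess["host"], "ses": sess["ses"], "cmds": sess["cmds"]}
        if sess["key_fp"] != tower_key_fp:
            entry.update(status="not-tower", user=None, jobs=[])
            results.append(entry)
            continue
        t_sess = parse_ts(sess["ts"])
        candidates = [
            ev for ev in tower_events
            if ev["host"] == sess["host"]
            and timedelta(0) <= t_sess - parse_ts(ev["ts"]) <= window
        ]
        jobs = [ev["job_id"] for ev in candidates]
        users = sorted({ev["launched_by"] for ev in candidates})
        if len(candidates) == 1:
            entry.update(status="attributed", user=users[0], jobs=jobs)
        elif not candidates:
            entry.update(status="unmatched", user=None, jobs=[])
        else:
            entry.update(status="ambiguous", user=None, jobs=jobs)
        results.append(entry)
    return results


def main():
    for row in correlate(TOWER_EVENTS, NODE_SESSIONS):
        print(json.dumps(row))


if __name__ == "__main__":
    main()
```

Session 7 lands four seconds after job 101 and is attributed to alice, but session 8 falls inside the window of both job 102 (bob) and job 103 (carol) and comes out ambiguous: time-based correlation cannot say which employee's play ran those commands, whereas a job identifier carried into the endpoint log would.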
Background, and strategic fit
The current information cannot be easily mapped on the managed host and with that cannot be fully audited.
(Optional) Use Cases
PCI Audit