如何解决Google Storage AuditLogs - 查找试图访问的人
我有一个启用了审计日志的谷歌存储桶。每隔一两天,我都会收到有关 PERMISSION DENIED 的日志。日志指定了请求者要求的访问类型。但是,没有给我足够的信息来回答这个问题 - 谁在请求?
这是日志消息:
IEmailSender如您所见,谈论“谁试图访问”的唯一信息是
{
"insertId": "rr6wsd...","logName": "projects/PROJECT_ID/logs/cloudaudit.googleapis.com%2Fdata_access","protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog","authenticationInfo": {},"authorizationInfo": [
{
"permission": "storage.buckets.get","resource": "projects//buckets/BUCKET_NAME","resourceAttributes": {}
}
],"methodName": "storage.buckets.get","requestMetadata": {
"callerSuppliedUserAgent": "Blob/1 (cr/340918833)","destinationAttributes": {},"requestAttributes": {
"auth": {},"reason": "8uSywAZKWkhOZWVkZWQg...","time": "2021-01-20T03:43:38.405230045Z"
}
},"resourceLocation": {
"currentLocations": [
"us-central1"
]
},"resourceName": "projects//buckets/BUCKET_NAME","serviceName": "storage.googleapis.com","status": {
"code": 7,"message": "PERMISSION_DENIED"
}
},"receiveTimestamp": "2021-01-20T03:43:38.488787956Z","resource": {
"labels": {
"bucket_name": "BUCKET_NAME","location": "us-central1","project_id": "PROJECT_ID"
},"type": "gcs_bucket"
},"severity": "ERROR","timestamp": "2021-01-20T03:43:38.399417759Z"
}
但这意味着什么?对我来说毫无意义。
我如何了解谁在尝试访问此权限?
解决方法
callerSuppliedUserAgent 可以是客户端应用程序放入其请求标头中的任何内容 - 忽略它,因为此标头可能是伪造的。只有合法的应用程序才会在标头中放入任何有意义的内容。
这是一个未经身份验证的请求。没有要记录的身份。很可能是巨魔扫描互联网寻找打开的桶。
请注意 auth 键为空。请求中未提供授权。
"requestAttributes": {
"auth": {},"reason": "8uSywAZKWkhOZWVkZWQg...","time": "2021-01-20T03:43:38.405230045Z"
}
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。