aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

address feedback

Browse Source
pull/4546/head
irenarindos 2 years ago
parent 7d6aec05d3
commit 892dbe7e3f
2 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File

4
website/content/docs/concepts/auditing.mdx
Unescape View File

@ -173,7 +173,7 @@ user, target, host, worker, and credentials used to access the target. The inten
relevant to the recorded session so that the BSR provides a complete snapshot of a session even in the absence of the Boundary
control plane.
- `session-recording.meta` is a plaintext file that contains metadata about the session, including the session id, protocol,
and connection id.
and a connection ids. For each connection id listed, there should be a corresponding connection directory in the session directory.
- `session-recording-summary.json` is a JSON file that contains a summary of the session recording, including the session id, connection count,
start time, end time, and any errors encountered during recording of the session.
@ -276,7 +276,7 @@ connection: cr_3bB78W53Y9.connection
- `SHA256SUM.sig` is a plaintext file that contains rows of file names paired with a checksum for file contents.
- `SHA256SUM.sig` is a signature of the plaintext `SHA256SUM` file created with the private key.
- `connection-recording.meta` is a plaintext file that contains metadata about the connection, including the connection id,
requests seen, channels opened under the connection, and any errors seen.
requests seen, channel ids, and any errors seen. For each channel id listed, there should be a corresponding channel directory in the connection directory.
- `connection-recording-summary.json` is a JSON file that contains a summary of the connection, including the connection id,
start time, end time, bytes up, bytes down, and any errors encountered during recording the connection.
- `requests-inbound.data` is a binary file containing all inbound SSH request messages transmitted for the connection.

5
website/content/docs/operations/session-recordings/validate-session-recordings.mdx
Unescape View File

@ -57,4 +57,7 @@ Follow these steps to validate a session recording:
2. Unwrap `wrappedPrivKey` using the external KMS you configured to retrieve the private key.
3. Use the BSR key or the private key to verify the `bsrKey.pub` key using `go-kms-wrapping` HmacSha256(...).
4. When the key is verified, use the `bsrKey.pub` key to verify the BSR SHA256SUM.sig file using `go-kms-wrapping` ed25519.Sign(...).
5. After verifying the SHA256SUM.sig file, use the `sha256` commandline tool to verify BSR checksums using `sha256sum -c SHA256SUM`
5. After verifying the SHA256SUM.sig file, use the `sha256` commandline tool to verify BSR checksums using `sha256sum -c SHA256SUM`.
6. Examine the *-meta.json files in the directory. For session-meta.json, every connection logged in the meta file should
correspond to a connection folder in the directory. For a connection-meta.json, every channel logged in the meta file should
correspond to a channel folder in the directory..

Write Preview
Loading…
Cancel
Save