Release Automation

Dear Team,

A while ago, we receive security incident informing that there is an update query execution happened on Nolio DB automatically. We checked with DB team and they confirmed that nothing of that sort is executed on the DB and hence we are suspecting it could be a CA RA auto update. Could you please look at the following details share on the same and confirm if this update is automatically pushed by CA RA?

Security Monitoring detected Specific action- Configuration changes from UI on 23-09-2018 at 10:57:12 CEST.
Activity was performed from account NOLIOADM on host <XYZ> on database AGNOLA

 

Received message
/* UPDATE COM.NOLIO.PLATFORM.SERVER.DATASERVICES.SERVICES.SETTINGS.MODEL.STRINGCONFIGURATIONPARAMETER */ UPDATE STR_PARAMS SET NAME=:1 , DESCRIPTION=:2 , VALUE=:3 , DEFINED_BY_USER=:4 , IS_PASSWORD=:5 WHERE ID=:6

Please provide us information about reason and authorization of performing this activity.

Additional information - Since the beginning of last week till date, this issue got reported 4 times.

Hi,

If you are using RA 6.6, STR_PARAMS table is updated when you change the value in [Administration] > [System Settings] on ROC. Or, same settings are managed in Automation Studio on earlier version.

This is JMX log when a value of System Settings is updated. This statement is normal behavior.

2018-10-02 17:59:22,664 [http-nio-8080-exec-26] DEBUG (org.hibernate.SQL:104) - /* update com.nolio.platform.server.dataservices.services.settings.model.StringConfigurationParameter */ update str_params set name=?, description=?, value=?, defined_by_user=?, is_password=? where id=?

I believe it is not automated. Please check if anyone changed System Settings.

Regards

Yas

Thanks Yasuyuki,

I tried looking into Audit History report but there are no logs pertaining user making changes in system settings.

Where else can I trace if any user has made the changes to system settings?

Best regards,

Vrunda

Hi,

I suppose Audit History Report doesn't cover System Settings because the report can manage the event regarding design only.

If you want to audit all behavior on GUI, please raise an idea.

By the way, you may see the records regarding system settings in str_params_aud table.

Thanks

Yas

However, I cannot mention the details of schema information because CA doesn't publish the specification officially. 

So, I don't know invoked user in str_params_aud table.

Hello ,

I see a similar incident , details below :

Security Monitoring of NOLIO application detected specific action: configuration changes from UI performed on . Activities were performed on host: <XYZ>.

Received message:
/* UPDATE COM.NOLIO.PLATFORM.SERVER.DATASERVICES.SERVICES.SETTINGS.MODEL.STRINGCONFIGURATIONPARAMETER */ UPDATE STR_PARAMS SET NAME=:1 , DESCRIPTION=:2 , VALUE=:3 , DEFINED_BY_USER=:4 , IS_PASSWORD=:5 WHERE ID=:6

For that logs shows :- 
2018-09-28 04:38:27,211 [http-nio-8443-exec-9] INFO (com.nolio.platform.server.dataservices.services.ha.MasterNacIdentifierInterceptor:129) - received new incoming request when I'm not master. Trying to become master before handling request...
2018-09-28 04:38:27,211 [http-nio-8443-exec-5] INFO (com.nolio.platform.server.dataservices.services.ha.MasterNacIdentifierInterceptor:129) - received new incoming request when I'm not master. Trying to become master before handling request...
2018-09-28 04:38:27,213 [http-nio-8443-exec-9] DEBUG (com.nolio.platform.server.dataservices.services.ha.MasterNacService:130) - an attempt is made to force this NAC to be master.
2018-09-28 04:38:27,213 [http-nio-8443-exec-5] DEBUG (com.nolio.platform.server.dataservices.services.ha.MasterNacService:130) - an attempt is made to force this NAC to be master.
2018-09-28 04:38:27,218 [http-nio-8443-exec-5] INFO (com.nolio.platform.server.dataservices.services.ha.MasterNacService:137) - forced this NAC to be master successfully.
2018-09-28 04:38:27,224 [http-nio-8443-exec-9] INFO (com.nolio.platform.server.dataservices.services.ha.MasterNacService:137) - forced this NAC to be master successfully.
2018-09-28 04:38:27,322 [ActiveApplicationContextManager-5] INFO (com.nolio.releasecenter.model.cmm.ChefClientBootstrapServiceImpl:66) - Clearing ALL bootstrap attempts
2018-09-28 04:38:27,548 [ActiveApplicationContextManager-5] WARN (com.nolio.platform.server.dataservices.services.i18n.PropertiesHolder:91) - Messages/Messages_en_us.properties not found. Default property file will be used.
2018-09-28 04:38:27,598 [ActiveApplicationContextManager-5] INFO (com.nolio.platform.server.dataservices.api.model.installservice.UnixInstallService:137) - Initializing UnixInstallService...
2018-09-28 04:38:27,615 [http-nio-8443-exec-3] INFO (com.nolio.platform.server.dataservices.services.ha.MasterNacIdentifierInterceptor:129) - received new incoming request when I'm not master. Trying to become master before handling request...
2018-09-28 04:38:27,617 [http-nio-8443-exec-3] DEBUG (com.nolio.platform.server.dataservices.services.ha.MasterNacService:130) - an attempt is made to force this NAC to be master.
2018-09-28 04:38:27,623 [http-nio-8443-exec-3] INFO (com.nolio.platform.server.dataservices.services.ha.MasterNacService:137) - forced this NAC to be master successfully.
2018-09-28 04:38:27,688 [ActiveApplicationContextManager-5] WARN (org.hibernate.hql.internal.ast.HqlSqlWalker:929) - [DEPRECATION] Encountered positional parameter near line 1, column 92. Positional parameter are considered deprecated; use named parameters or JPA-style positional parameters instead.
2018-09-28 04:38:27,762 [ActiveApplicationContextManager-5] WARN (org.hibernate.hql.internal.ast.HqlSqlWalker:929) - [DEPRECATION] Encountered positional parameter near line 1, column 96. Positional parameter are considered deprecated; use named parameters or JPA-style positional parameters instead.
2018-09-28 04:38:27,776 [ActiveApplicationContextManager-5] INFO (com.nolio.platform.server.dataservices.services.execmng.CheckExecutionConnectivityImpl:50) - Using restartBrokerConnectionInterval='240000'
2018-09-28 04:38:27,789 [ActiveApplicationContextManager-5] INFO (com.nolio.platform.server.dataservices.services.execmng.AutoAssignDeployerServiceImpl:57) - initializing AutoAssignDeployerServiceImpl...
2018-09-28 04:38:27,819 [ActiveApplicationContextManager-5] INFO (com.nolio.platform.server.dataservices.services.execmng.ExecutionServerStatusMonitor:61) - Start Monitoring execution servers status (interval=10000 ms)
2018-09-28 04:38:27,820 [ExecutionServerStatusTask-40876] DEBUG (com.nolio.platform.server.dataservices.services.execmng.ExecutionServerStatusMonitor:92) - Update execution servers status
2018-09-28 04:38:27,911 [ActiveApplicationContextManager-5] INFO (com.nolio.platform.server.dataservices.api.model.installservice.AgentRestarterService:78) - Starting AgentRestarterService...
2018-09-28 04:38:27,980 [ActiveApplicationContextManager-5] INFO (com.nolio.platform.server.dataservices.services.execution.BlockedJobsPoller:65) - BlockedJobsPoller created.
2018-09-28 04:38:27,981 [BlockedJobsPollerTask-3] INFO (com.nolio.platform.server.dataservices.services.execution.BlockedJobsPoller:110) - BlockedJobsPoller started.
2018-09-28 04:38:27,992 [ActiveApplicationContextManager-5] INFO (com.nolio.platform.server.dataservices.services.execution.cache.ActiveJobsCacheCleaner:54) - ActiveJobsCacheCleaner starting...
2018-09-28 04:38:27,995 [ActiveJobsCacheInitializer-1] DEBUG (com.nolio.platform.server.dataservices.services.execution.cache.ActiveJobsCacheInitializer:60) - 1 online non final jobs loaded from database. Adding them to cache.
2018-09-28 04:38:27,995 [ActiveJobsCacheInitializer-1] DEBUG (com.nolio.platform.server.dataservices.services.execution.cache.ActiveJobsCacheInitializer:64) - loading job[id=3179048]...
2018-09-28 04:38:27,995 [ActiveJobsCacheInitializer-1] DEBUG (com.nolio.platform.server.dataservices.services.execution.cache.ActiveJobsCacheInitializer:66) - finished loading job[id=3179048] successfully.

Any Idea why it is occurring again and again ?

Hi Titiksha,

Is your environment HA?

If so, I'm not sure, but fail over might be occurred at that time.

At least, it seems Error or Exception was not occurred in your log. 

Regards

Yas

Hi Yasuyuki,

We are having a HA Nolio environment ,is it something related to that ?

Best Regards

Titiksha

Yes. The log messages are related to HA. HA failover scenarios are covered in the URL below. Based on the messages it seems like the failover occurred due to scenario #2 (passive server received login request). 

Unexpected High Availability Failovers - CA Knowledge 

Message that prompts me to say this is: 

"received new incoming request when I'm not master. Trying to become master before handling request..."

I have no knowledge of HA causing those DB updates. I'm inclined to think that they happened independent of each other.