Bug ID 708389: BADOS monitoring with Grafana requires admin privilege

Last Modified: Jan 17, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4

Fixed In:
14.1.0, 13.1.0.6

Opened: Mar 01, 2018
Severity: 3-Major

Symptoms

Current Grafana monitoring requires admin privilege. Grafana stores its internal database in unencrypted format, so the admin password can be extracted from a compromised computer.

Impact

Guest user cannot access data needed for Grafana.

Conditions

Monitoring using Grafana.

Workaround

None.

Fix Information

There is now a REST call to pool the Grafana statistics. This allows any user (including guest), not just admin or root, to access data needed for Grafana.

Behavior Change

This release introduces the following tmsh commands: -- tmsh run util admdb - for help + list-element path_folder - lists folder + view-element path_file - view file contents + list-metrics path vs + table-query base_path db sRate tsfiles ts metric_columns_aliases The path must be under /shared/admdb, for example: -- run util admdb list-element /shared/admdb/default/_a_l_l -- run util admdb view-element /shared/admdb/default/_a_l_l/info.sysinfo/1000/1522229248000.txt -- run util admdb table-query /shared/admdb default 1000 '[1522233344000]' '[1522234774492,1522235074492]' '[["info.attack",["v0"],"Attack"],["sig.health",["v0"],"Health"],["info.learning",["v0"],"Learning"],["info.learning",["v2"],"Learned samples"]]'