ActionTrail store logs to publicly accessible bucket

Logging and monitoring

ActionTrail store logs to publicly accessible bucket

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

AliCloud CIS

Description

ActionTrail is a web service that monitors and records actions performed on your cloud through cloud console, API calls, and SDK operations. The recorded events are stored at the configured Log Service Logstores and Object Storage Service buckets (if configured). It was detected that the ActionTrail {AliCloudActionTrail} store the logs to the bucket {AliCloudActionTrail.OssBucket} which is publicly accessible.

Recommended Mitigation

It is recommended that the trail logs will be stored in a private OSS bucket. To edit the bucket's access control list (ACL), follow the instructions at: https://www.alibabacloud.com/help/en/object-storage-service/latest/configure-the-acl-of-a-bucket

ActionTrail store logs to publicly accessible bucket

Description

Need help?