Google Storage AuditLogs - finding out who is trying to access



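I have a Google Storage bucket with audit logs enabled. Every day or two I get a log entry about PERMISSION DENIED. The log specifies the type of access the requester asked for. However, it does not give me enough information to answer the question: who is requesting?

Log information: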

{
  "insertId": "rr6wsd...",
  "logName": "projects/PROJECT_ID/logs/cloudaudit.googleapis.com%2Fdata_access",
  "protoPayload": {
    "@type": "type.googleapis.com/google.cloud.audit.AuditLog",
    "authenticationInfo": {},
    "authorizationInfo": [
      {
        "permission": "storage.buckets.get",
        "resource": "projects//buckets/BUCKET_NAME",
        "resourceAttributes": {}
      }
    ],
    "methodName": "storage.buckets.get",
    "requestMetadata": {
      "callerSuppliedUserAgent": "Blob/1 (cr/340918833)",
      "destinationAttributes": {},
      "requestAttributes": {
        "auth": {},
        "reason": "8uSywAZKWkhOZWVkZWQg...",
        "time": "2021-01-20T03:43:38.405230045Z"
      }
    },
    "resourceLocation": {
      "currentLocations": [
        "us-central1"
      ]
    },
    "resourceName": "projects//buckets/BUCKET_NAME",
    "serviceName": "storage.googleapis.com",
    "status": {
      "code": 7,
      "message": "PERMISSION_DENIED"
    }
  },
  "receiveTimestamp": "2021-01-20T03:43:38.488787956Z",
  "resource": {
    "labels": {
      "bucket_name": "BUCKET_NAME",
      "location": "us-central1",
      "project_id": "PROJECT_ID"
    },
    "type": "gcs_bucket"
  },
  "severity": "ERROR",
  "timestamp": "2021-01-20T03:43:38.399417759Z"
}

As you can see, the only thing that says anything about "who is trying to access" is:

"callerSuppliedUserAgent": "Blob/1 (cr/340918833)",

But what does that mean? It means nothing to me.

How can I find out who is trying to use this permission?

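callerSuppliedUserAgent can be anything the client application puts in its request header - ignore it, because that header can be forged. Only legitimate applications put meaningful content in the header.

This is an unauthenticated request. There is no identity to log. Most likely it is an internet troll scanning the internet for open buckets.

Note that the auth key is empty. No authorization was provided in the request.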

"requestAttributes": {
  "auth": {},
  "reason": "8uSywAZKWkhOZWVkZWQg...",
  "time": "2021-01-20T03:43:38.405230045Z"
}
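
Added example, not part of the original question or answer: a triage script that separates anonymous PERMISSION_DENIED entries, like the one above, from denials that carry an identity worth investigating. It assumes logs exported as one JSON entry per line; the sample entries, the service account address and the "credentials-without-principal" label are constructed for illustration.

```python
import json
from collections import Counter

PERMISSION_DENIED = 7  # status.code value in the denied entry above

# Constructed sample, one JSON entry per line, trimmed to the fields used here.
# Entry 1 mirrors the log in the question; entries 2 and 3 are made up.
SAMPLE_LOG = """\
{"protoPayload": {"authenticationInfo": {}, "methodName": "storage.buckets.get", "requestMetadata": {"callerSuppliedUserAgent": "Blob/1 (cr/340918833)", "requestAttributes": {"auth": {}}}, "status": {"code": 7, "message": "PERMISSION_DENIED"}}}
{"protoPayload": {"authenticationInfo": {"principalEmail": "svc-example@PROJECT_ID.iam.gserviceaccount.com"}, "methodName": "storage.objects.get", "requestMetadata": {"requestAttributes": {"auth": {}}}, "status": {"code": 7, "message": "PERMISSION_DENIED"}}}
{"protoPayload": {"authenticationInfo": {"principalEmail": "svc-example@PROJECT_ID.iam.gserviceaccount.com"}, "methodName": "storage.objects.get", "requestMetadata": {"requestAttributes": {"auth": {}}}, "status": {}}}
"""


def classify(entry):
    """Return (caller, kind) for a denied request, or None if it was not denied."""
    payload = entry.get("protoPayload", {})
    if payload.get("status", {}).get("code") != PERMISSION_DENIED:
        return None
    principal = payload.get("authenticationInfo", {}).get("principalEmail")
    if principal:
        # An identity was presented and rejected: check its IAM bindings.
        return principal, "authenticated"
    auth = payload.get("requestMetadata", {}).get("requestAttributes", {}).get("auth")
    if not auth:
        # Empty authenticationInfo and empty auth: no credentials were sent.
        # The user agent is deliberately not used as an identity; it can be forged.
        return "anonymous", "unauthenticated"
    # Assumed edge case: auth details present but no principal recorded.
    return "unknown", "credentials-without-principal"


def summarize(lines):
    """Count denied requests per (caller, kind) over JSON-lines input."""
    counts = Counter()
    for line in lines:
        line = line.strip()
        if not line:
            continue
        result = classify(json.loads(line))
        if result:
            counts[result] += 1
    return counts


if __name__ == "__main__":
    for (caller, kind), n in summarize(SAMPLE_LOG.splitlines()).items():
        print(f"{n:3d}  {kind:16s} {caller}")
```
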
