MongoDB Security – Find Unauthenticated Connections

authentication mongodb

I have many services and users that connect to MongoDB and now I need to switch on authentication. I have created some accounts and tried to ensure most users/services are now using accounts when connecting. I'd like to know if there is any way I can find connections to the database that are not using an account before I restart the mongod with --auth and enforce authentication.

Best Answer

Failing anything better, here is a script to parse the log files and find unauthenticated users:

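#!/usr/bin/env -S gawk -f
# "env -S" splits "gawk -f" into separate arguments; without it Linux passes
# the whole string to env as one program name and the script fails to start.

# Script to parse the MongoDB log file and find any connections that were not authenticated.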

BEGIN {
    if (ARGV[1] == "") {
        print "[usage]: ./unauth_connections [mongodb.log]"
        exit 1
    }
}

# Build list of all connections and their IPs
/[[]initandlisten[]] connection accepted/ {
    # Prepend "conn" and remove the leading # from the connection
    # ID so the key is consistent with the log authentication line
    # i.e. turns #5 to conn5
    conn_key = "conn" substr($10, 2)
    # Build the list: conn_key => authenticated
    conn_list[conn_key]
    # Build the list for the IP: conn_key => IP
    ip[conn_key] = $9
}

# Find authenticated connections
/[[]conn[0-9]+[]]  authenticate/ {
    # Remove the brackets from the connection ID so key is
    # consistent with the initial connection log line
    # i.e. turn [conn5] to conn5
    gsub(/[][]/, "", $5)
    # Flag that the connection is authenticated
    conn_list[$5] = 1
}

END {
    # Build a list of unauthenticated users
    for (conn in conn_list) {
       if (!conn_list[conn]) {
          anon[conn] = sprintf("Connection %8s from %20s not authenticated", conn, ip[conn])
       }
    }

    # Sort the list and print in order
    n = asort(anon)
    for (i=1; i<=n; i++) {
        print anon[i]
    }
}
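
An added example, not part of the original answer: a Python version of the same log scan that goes one step further by grouping unauthenticated connections by client IP and by handling connection IDs that start again at #1 when mongod restarts within one log file. The log line layout is assumed from the regexes and field numbers in the gawk script above; the sample log and the function name `unauthenticated_by_host` are constructed for illustration.

```python
import re
from collections import Counter

# Line layout assumed from the regexes and field positions used by the gawk
# script above ("connection accepted from IP:PORT #N", "[connN]  authenticate").
ACCEPT = re.compile(r"\[initandlisten\] connection accepted from (\S+):(\d+) #(\d+)")
AUTH = re.compile(r"\[conn(\d+)\]\s+authenticate\b")

# Constructed sample log (not real data). IDs restart at #1 after a mongod
# restart at 11:30, so keying on the ID alone would merge unrelated connections.
SAMPLE_LOG = """\
Mon Jan  6 10:00:01.100 [initandlisten] connection accepted from 10.0.0.5:50111 #1 (1 connection now open)
Mon Jan  6 10:00:01.150 [conn1]  authenticate db: admin { authenticate: 1, user: "app" }
Mon Jan  6 10:00:02.200 [initandlisten] connection accepted from 10.0.0.9:40222 #2 (2 connections now open)
Mon Jan  6 10:00:02.300 [conn2] query test.items ntoreturn:1
Mon Jan  6 11:30:00.000 [initandlisten] connection accepted from 10.0.0.9:40300 #1 (1 connection now open)
Mon Jan  6 11:30:05.000 [initandlisten] connection accepted from 10.0.0.5:50444 #2 (2 connections now open)
Mon Jan  6 11:30:05.050 [conn2]  authenticate db: admin { authenticate: 1, user: "app" }
"""


def unauthenticated_by_host(lines):
    """Return Counter {client_ip: connections that never logged an authenticate line}."""
    open_conns = {}  # connection ID -> [client_ip, authenticated?]
    finished = []    # connections whose ID was later reused
    for line in lines:
        m = ACCEPT.search(line)
        if m:
            ip, _port, cid = m.groups()
            if cid in open_conns:  # ID reused: the earlier connection is over
                finished.append(open_conns[cid])
            open_conns[cid] = [ip, False]
            continue
        m = AUTH.search(line)
        if m and m.group(1) in open_conns:
            open_conns[m.group(1)][1] = True
    finished.extend(open_conns.values())
    return Counter(ip for ip, authed in finished if not authed)


if __name__ == "__main__":
    for ip, n in unauthenticated_by_host(SAMPLE_LOG.splitlines()).most_common():
        print(f"{ip:>20}  {n} unauthenticated connection(s)")
```

On the sample, both connections from 10.0.0.9 are reported even though each of their IDs was used by an authenticated connection in the other mongod run.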