Inconsistent client IP recorded in audit log session start events - Githubissues

gravitational / teleport

The easiest, and most secure way to access and protect all of your infrastructure.

https://goteleport.com

GNU Affero General Public License v3.0

17.39k stars 1.74k forks source link

Inconsistent client IP recorded in audit log session start events #38658

Open stevenGravy opened 7 months ago

stevenGravy commented 7 months ago

Expected behavior:

Session start audit log would have the same client IP record name. All start sessions would have the client IP.

Current behavior:

Kubernetes interactive start session does not have the client IP. k8s start session records a record of "addr.remote": "0.0.0.0:0" which is likely the case for a reverse tunnel k8s service connection.
DB start sessions does not include client IP.
Windows start session records client IP as addr.local, with windows server as addr.remote.
SSH session records client IP as addr.remote.
Application records as client IP addr.remote.

Bug details:

Teleport version: 14.3.6
Recreation steps

Create interactive sessions for k8s, SSH and Windows
Create DB and application sessions
Review audit logs.

rojinebrahimi commented 3 months ago

Are there any solutions to include addr.remote to SSO Login as well?