Security flaw, it is not possible to find out the user who installed a certain software using the action_type chocoinstall #2080

Open
1 of 3 tasks
eduardoglazar opened this issue Nov 25, 2024 · 3 comments
Labels
enhancement New feature or request

Comments

@eduardoglazar

Server Info (please complete the following information):

  • OS: Ubuntu 22.04
  • Browser: Safari
  • RMM Version (as shown in top left of web UI): v0.19.4

Installation Method:

  • Standard
  • Standard with --insecure flag at install
  • Docker

Agent Info (please complete the following information):

  • Agent version (as shown in the 'Summary' tab of the agent from web UI): Agent v2.8.0
  • Agent OS: Windows 11

Describe the bug

Any software installed through the Web GUI on a workstation, in the path Software -> Install Software, does not register the user who did it, generating a security breach.

We searched the tacticalrmm database table and in the logs_pendingaction table there is no link to the user who performed the activity.

This record is not available anywhere, so it is impossible to find out who installed a certain software through Tactical RMM using the action_type chocoinstall.

To Reproduce
Steps to reproduce the behavior:

  1. Go to Software
  2. Click on 'Install Software'
  3. Scroll down to notepad
  4. Don't see any register in any audit log

Expected behavior
It was hoped that somewhere in Tactical there would be such a record.

@silversword411 silversword411 added the enhancement New feature or request label Nov 25, 2024

P6g9YHK6 commented Nov 25, 2024

At this point it's not a security flaw, it's a security lifestyle choice!
#1773
#2060
#1711
#1554
#1417
#1353
#1539
#1937

😘

@eduardoglazar
Author

@P6g9YHK6, In fact, it is not a vulnerability, but rather a suggested security improvement.

If it were possible to include the user ID (accounts_user) in the logs_pendingaction table that performed the action, it would already be useful, since we can obtain the data directly from the PostgreSQL database.
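
An added example, not part of the thread or of Tactical RMM's code: a runnable sketch of the attribution the comment above asks for, with a nullable user reference on `logs_pendingaction` and the query an auditor would run. Only the two table names and the `chocoinstall` action type come from this page; every column name (including the hypothetical `requested_by_id`) and all sample rows are constructed, and SQLite stands in for PostgreSQL.

```python
import sqlite3

# Constructed stand-ins for the two tables named in the issue.
# Column names are assumptions, not Tactical RMM's real schema.
SCHEMA = """
CREATE TABLE accounts_user (id INTEGER PRIMARY KEY, username TEXT NOT NULL);
CREATE TABLE logs_pendingaction (
    id INTEGER PRIMARY KEY,
    agent_hostname TEXT NOT NULL,
    action_type TEXT NOT NULL,
    details TEXT NOT NULL,
    created_at TEXT NOT NULL,
    requested_by_id INTEGER REFERENCES accounts_user(id)  -- hypothetical new column
);
"""

def build_db():
    """Create an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO accounts_user VALUES (?, ?)",
                   [(1, "alice"), (2, "bob")])
    db.executemany("INSERT INTO logs_pendingaction VALUES (?, ?, ?, ?, ?, ?)", [
        # Row written before the column existed: the actor cannot be recovered.
        (1, "WS-01", "chocoinstall", "notepadplusplus", "2024-11-20T09:00:00", None),
        (2, "WS-01", "chocoinstall", "7zip", "2024-11-25T10:15:00", 2),
        (3, "WS-02", "agentupdate", "v2.8.0", "2024-11-25T11:00:00", 1),
        (4, "WS-02", "chocoinstall", "vlc", "2024-11-25T12:30:00", 1),
    ])
    return db

def who_installed(db, package=None):
    """List (time, host, package, user) for chocoinstall actions, oldest first.

    LEFT JOIN keeps rows with no recorded actor and marks them explicitly,
    so gaps in the audit trail are visible instead of silently dropped.
    """
    sql = """SELECT p.created_at, p.agent_hostname, p.details,
                    COALESCE(u.username, 'UNATTRIBUTED')
             FROM logs_pendingaction p
             LEFT JOIN accounts_user u ON u.id = p.requested_by_id
             WHERE p.action_type = 'chocoinstall'"""
    params = []
    if package is not None:
        sql += " AND p.details = ?"
        params.append(package)
    return db.execute(sql + " ORDER BY p.created_at", params).fetchall()

if __name__ == "__main__":
    for row in who_installed(build_db()):
        print(row)
```
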

@P6g9YHK6

I was just joking that a lot of things are missing audits in the application as a whole.
From my point of view, if something can be clicked/edited there should be an audit log, whether that is from an agent action or the TRMM settings itself.
