starred/tacticalrmm

Fork 0

mirror of https://github.com/amidaware/tacticalrmm.git synced 2026-04-26 15:05:57 +03:00

[GH-ISSUE #2080] It is not possible to find out the user who installed a certain software using the action_type chocoinstall #3238

New issue

Closed

opened 2026-03-14 06:56:33 +03:00 by kerem · 4 comments

kerem commented

2026-03-14 06:56:33 +03:00

Owner

Originally created by @eduardoglazar on GitHub (Nov 25, 2024).
Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/2080

Server Info (please complete the following information):

OS: Ubuntu 22.04
Browser: Safari
RMM Version (as shown in top left of web UI): v0.19.4

Installation Method:

Standard
Standard with --insecure flag at install
Docker

Agent Info (please complete the following information):

Agent version (as shown in the 'Summary' tab of the agent from web UI): Agent v2.8.0
Agent OS: Windows 11

Describe the bug

Any software installed through the Web GUI on a workstation, in the path Software -> Install Software, does not register the user who did it, generating a security breach.

We searched the tacticalrmm database table and in the logs_pendingaction table there is no link to the user who performed the activity.

This record is not available anywhere, so it is impossible to find out who installed a certain software through Tactical RMM using the action_type chocoinstall.

To Reproduce
Steps to reproduce the behavior:

Go to Software
Click on 'Install Software
Scroll down to notepad
Don't see any register in any audit log

Expected behavior
It was hoped that somewhere in Tactical there would be such a record.

Originally created by @eduardoglazar on GitHub (Nov 25, 2024). Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/2080 **Server Info (please complete the following information):** - OS: Ubuntu 22.04 - Browser: Safari - RMM Version (as shown in top left of web UI): v0.19.4 **Installation Method:** - [X] Standard - [ ] Standard with `--insecure` flag at install - [ ] Docker **Agent Info (please complete the following information):** - Agent version (as shown in the 'Summary' tab of the agent from web UI): Agent v2.8.0 - Agent OS: Windows 11 **Describe the bug** Any software installed through the Web GUI on a workstation, in the path Software -> Install Software, does not register the user who did it, generating a security breach. We searched the tacticalrmm database table and in the logs_pendingaction table there is no link to the user who performed the activity. This record is not available anywhere, so it is impossible to find out who installed a certain software through Tactical RMM using the action_type chocoinstall. **To Reproduce** Steps to reproduce the behavior: 1. Go to Software 2. Click on 'Install Software 3. Scroll down to notepad 4. Don't see any register in any audit log **Expected behavior** It was hoped that somewhere in Tactical there would be such a record.

kerem

2026-03-14 06:56:33 +03:00

closed this issue
added the
enhancement
label

kerem commented

2026-03-14 06:56:55 +03:00

Author

Owner

@P6g9YHK6 commented on GitHub (Nov 25, 2024):

at this point it's not a security flaw it's a security lifestyle choice!
https://github.com/amidaware/tacticalrmm/issues/1773
https://github.com/amidaware/tacticalrmm/issues/2060
https://github.com/amidaware/tacticalrmm/issues/1711
https://github.com/amidaware/tacticalrmm/issues/1554
https://github.com/amidaware/tacticalrmm/issues/1417
https://github.com/amidaware/tacticalrmm/issues/1353
https://github.com/amidaware/tacticalrmm/issues/1539
https://github.com/amidaware/tacticalrmm/issues/1937

😘

@P6g9YHK6 commented on GitHub (Nov 25, 2024): at this point it's not a security flaw it's a security lifestyle choice! https://github.com/amidaware/tacticalrmm/issues/1773 https://github.com/amidaware/tacticalrmm/issues/2060 https://github.com/amidaware/tacticalrmm/issues/1711 https://github.com/amidaware/tacticalrmm/issues/1554 https://github.com/amidaware/tacticalrmm/issues/1417 https://github.com/amidaware/tacticalrmm/issues/1353 https://github.com/amidaware/tacticalrmm/issues/1539 https://github.com/amidaware/tacticalrmm/issues/1937 😘

kerem commented

2026-03-14 06:57:00 +03:00

Author

Owner

@eduardoglazar commented on GitHub (Nov 25, 2024):

@P6g9YHK6, In fact, it is not a vulnerability, but rather a suggested security improvement.

If it were possible to include the user ID (accounts_user) in the logs_pendingaction table that performed the action, it would already be useful, since we can obtain the data directly from the PostgreSQL database.

@eduardoglazar commented on GitHub (Nov 25, 2024): @P6g9YHK6, In fact, it is not a vulnerability, but rather a suggested security improvement. If it were possible to include the user ID (accounts_user) in the logs_pendingaction table that performed the action, it would already be useful, since we can obtain the data directly from the PostgreSQL database.

kerem commented

2026-03-14 06:57:05 +03:00

Author

Owner

@P6g9YHK6 commented on GitHub (Nov 25, 2024):

i was just joking that a lot of thing are missing audits in the application as a whole
from my point of view if something can be clicked/edited there should be an audit log that is from agent action or trmm settings itself

@P6g9YHK6 commented on GitHub (Nov 25, 2024): i was just joking that a lot of thing are missing audits in the application as a whole from my point of view if something can be clicked/edited there should be an audit log that is from agent action or trmm settings itself

kerem commented

2026-03-14 06:57:10 +03:00

Author

Owner

@wh1te909 commented on GitHub (Nov 26, 2024):

dupe #1353

@wh1te909 commented on GitHub (Nov 26, 2024): dupe #1353