Tag Archives: audit

Who is this root user I’m seeing in Pure1?

The Pure1 audit log explained (a bit)

In the early days of my learning curve on Pure arrays, I see a lot of consistencies between Pure and the other vendors I’ve worked with. For example an (EMC) LUN or volume is called a (Pure) volume, but hey! Everybody understands me when I simply say “LUN”. Then you have host groups, aka clusters, hosts, LUN addresses, bandwidth, throughput. If you know these names from one vendor, you speak the “storage” language.

Logging is no different: when an administrator creates a (LUN or) a volume on a Pure system, you can easily see that in the audit log in Pure1, but from time to time you will also see entries from root users popping up in the audit trail:
But where is this suddenly appearing root user coming from and what is its purpose? And more importantly: can it do any harm? Can this root user be taken hostage or hacked? Or is this user actually a hacker? Read more »