auditd not logging file operations thru NFS
- Reply: Alan Somers : "Re: auditd not logging file operations thru NFS"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 03 Aug 2024 13:52:25 UTC
I have auditd running on two machines with a configuration to monitor all changes in files on the filesystem. If I write to the file from the localhost (on machine A), everything works and the record appears in the logfile. However, if a directory is exported via NFS, mounted on another machine (machine B), and I write to the file on the machine B, then no record appears in the audit log on machine A. Is there a way to configure auditd to log these events too? /etc/security/audit_user is empty /etc/security/audit_event is default /etc/security/audit_class is default # cat /etc/security/audit_control # # $FreeBSD: releng/10.3/contrib/openbsm/etc/audit_control 293161 2016-01-04 16:32:21Z brueffer $ # dir:/var/audit dist:off flags:lo,aa,ad,fw,fm,fc,fd minfree:5 naflags:lo,aa,ad,fw,fm,fc,fd policy:cnt,argv filesz:50M expire-after:600s Kind regards Miroslav Lachman