Date: Sat, 3 Aug 2024 15:52:25 +0200 From: Miroslav Lachman <000.fbsd@quip.cz> To: freebsd-hackers@FreeBSD.org Subject: auditd not logging file operations thru NFS Message-ID: <b9baa170-557b-4bb8-ba0e-6be45a3966d4@quip.cz>
next in thread | raw e-mail | index | archive | help
I have auditd running on two machines with a configuration to monitor all changes in files on the filesystem. If I write to the file from the localhost (on machine A), everything works and the record appears in the logfile. However, if a directory is exported via NFS, mounted on another machine (machine B), and I write to the file on the machine B, then no record appears in the audit log on machine A. Is there a way to configure auditd to log these events too? /etc/security/audit_user is empty /etc/security/audit_event is default /etc/security/audit_class is default # cat /etc/security/audit_control # # $FreeBSD: releng/10.3/contrib/openbsm/etc/audit_control 293161 2016-01-04 16:32:21Z brueffer $ # dir:/var/audit dist:off flags:lo,aa,ad,fw,fm,fc,fd minfree:5 naflags:lo,aa,ad,fw,fm,fc,fd policy:cnt,argv filesz:50M expire-after:600s Kind regards Miroslav Lachman
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b9baa170-557b-4bb8-ba0e-6be45a3966d4>