From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Bob Kryger"
Subject: auditing nfs
Date: Tue, 26 Feb 2008 16:54:13 -0500
Message-ID: <47C48A85.20508@sac.com>
Sender: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

So, I'm looking to audit file access (via syscalls create, open, unlink, etc. because I want every file in the filesystem and do not want to have to specify an audit rule for each dir/file) that are accessed via nfs from the nfs server. It seems, I assume because nfs is in the kernel, that I am not getting any audit messages for those nfs file accesses.

Is my assumption correct?

Any suggestions for auditing from the nfs server side?

BTW: not a list subscriber, please reply directly.

Thanks
Bob

-- 
Bob Kryger
Systems/Network Administrator
SAC Capital, Synapse Group
540 Madison Ave
New York, NY 10022
Office: 212-813-8677
Cell: 917-913-6670
email: bobk@sac.com
AIM: sacbobk