audit + php-fpm

Steve Grubb sgrubb at redhat.com
Mon Oct 7 18:45:18 UTC 2013


On Sunday, October 06, 2013 12:45:05 AM ja ja wrote:
> Auditd can't catch changes made by php-fpm, when I use bash everything
> works fine but when I use a script like this:
> <?php
> mkdir('kat123');
> ?>
> audit.log shows nothing
> This is my audit.rules:
> -a exit,never -F dir=/var/www/temp/
> -a exit,always -F dir=/var/www/ -F perm=wa -k www
> How does PHP-FPM alter a file and escape detection by auditd? Is this
> an auditd bug?

Not knowing anything about php-fpm...is there any chance that the content it 
accesses is outside of /var/www? Do you have any mount points or symlinks 
somewhere in the /var/www/ directory tree?

-Steve
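
The two things Steve asks about can be checked with a short script. This is an added example, not part of the original thread: the function names are hypothetical, and it assumes GNU `readlink -f` and Linux's `/proc/self/mountinfo`.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Usage: sh check_tree.sh /var/www

# Print symlinks under $1 whose resolved target lies outside $1.
symlinks_outside() {
    root=$(readlink -f "$1") || return 1
    find "$root" -type l 2>/dev/null | while IFS= read -r link; do
        target=$(readlink -f "$link") || continue   # unresolvable link
        case "$target" in
            "$root"|"$root"/*) ;;                   # stays inside the tree
            *) printf '%s -> %s\n' "$link" "$target" ;;
        esac
    done
}

# Print mount points located below $1. $2 (optional) is a mountinfo-format
# file; the default is the live table of the caller's mount namespace.
mounts_below() {
    root=$(readlink -f "$1") || return 1
    # Field 5 of mountinfo is the mount point.
    awk -v r="$root" 'index($5, r "/") == 1 { print $5 }' \
        "${2:-/proc/self/mountinfo}"
}

if [ "$#" -gt 0 ]; then
    echo "symlinks leaving $1:";   symlinks_outside "$1"
    echo "mount points below $1:"; mounts_below "$1"
fi
```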



