Samba and AuditD
Alan Evangelista
alan.vitor at gmail.com
Wed Feb 10 20:41:45 UTC 2021
I have installed audit 2.8.5 on a CentOS 7 and set up the following rule in
/etc/audit/rules.d/audit.rules:
-w /data
/data is shared via Samba to a Windows Server 2016 system. If I write to
/data in the CentOS7 system, I get the open syscall event in the auditd
log. If I write to the same directory in the Windows Server 2016, I see the
file in the /data directory in the CentOS7 system, but the event is not
logged by audit. Is that the expected behavior?
Thanks in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20210210/87a26b84/attachment.htm>
More information about the Linux-audit
mailing list