[OpenAFS] Full path in audit log

Jonathan Billings jsbillin@umich.edu
Mon, 8 Dec 2014 10:14:42 -0500 

--001a11340138d1ccdf0509b5e25f
Content-Type: text/plain; charset=UTF-8

On Mon, Dec 8, 2014 at 10:05 AM, Kevin Lemonnier <
kevin.lemonnier@cognix-systems.com> wrote:

> What we do currently is using inotify to perform tasks on created /
> modified files, and I was told that it obviously wouldn't work with
> OpenAFS, but that it was possible to get with the audit log an equivalent.
>

Do you mean using auditd to use audit rules to monitor events (read, write,
execute) on a file or directory in AFS?  We are using auditd to monitor
executions out of a couple directories in AFS.

We just have something like this in our audit.rules file:

#log executions out of afs
-a always,exit  -F dir=/afs/cell/.... -F perm=x -k afs_bindir



-- 
Jonathan Billings <jsbillin@umich.edu>
College of Engineering - CAEN - Unix and Linux Support

--001a11340138d1ccdf0509b5e25f
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail_extra"><div class=3D"gmail_quote">On M=
on, Dec 8, 2014 at 10:05 AM, Kevin Lemonnier <span dir=3D"ltr">&lt;<a href=
=3D"mailto:kevin.lemonnier@cognix-systems.com" target=3D"_blank">kevin.lemo=
nnier@cognix-systems.com</a>&gt;</span> wrote:<br><blockquote class=3D"gmai=
l_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left-width:1px;border-lef=
t-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div id=
=3D":xi" class=3D"" style=3D"overflow:hidden">What we do currently is using=
 inotify to perform tasks on created /<br>
modified files, and I was told that it obviously wouldn&#39;t work with<br>
OpenAFS,=C2=A0but that it was possible to get with the audit log an equival=
ent.</div></blockquote></div><br>Do you mean using auditd to use audit rule=
s to monitor events (read, write, execute) on a file or directory in AFS?=
=C2=A0 We are using auditd to monitor executions out of a couple directorie=
s in AFS.</div><div class=3D"gmail_extra"><br></div><div class=3D"gmail_ext=
ra">We just have something like this in our audit.rules file:</div><div cla=
ss=3D"gmail_extra"><br></div><div class=3D"gmail_extra"><div class=3D"gmail=
_extra">#log executions out of afs</div><div class=3D"gmail_extra">-a alway=
s,exit =C2=A0-F dir=3D/afs/cell/.... -F perm=3Dx -k afs_bindir</div><div><b=
r></div></div><div class=3D"gmail_extra"><br></div><div class=3D"gmail_extr=
a"><br>-- <br><div class=3D"gmail_signature">Jonathan Billings &lt;<a href=
=3D"mailto:jsbillin@umich.edu" target=3D"_blank">jsbillin@umich.edu</a>&gt;=
<br>College of Engineering - CAEN - Unix and Linux Support<br><br></div>
</div></div>

--001a11340138d1ccdf0509b5e25f--