Due to the recent Illumos audit improvements in https://www.illumos.org/issues/11873, I tried SMB user and file auditing.

What I have done:
1. enable auditd with class sa,lo,fm
2. add a trivial audit ACL to a filesystem
3. connect to the SMB share from Win 10, add, edit, remove some files
4. check audit log files but no events for smbd, user or files

According to the issue tracker, 11873 (SMB user auditing) has been at 100% for a few months. As I assume it's not yet in OmniOS, I made these tests in OpenIndiana updated to newest. The question is now: is 11873 already in Illumos, or have I missed something?

btw.

Besides user auditing, I tried filesystem monitoring with the newest fswatch (compiles without problems on OmniOS with gcc-10), https://github.com/emcrisostomo/fswatch. Auditing + monitoring seems a perfect pair.



Steps I have done in current napp-it 23.dev, see
www.napp-it.org/doc/downloads/User_auditing_and_filesystem_monitoring.pdf






