Configure auditing for UNIX security style files and directories

Contributors

You configure auditing for UNIX security style files and directories by adding audit ACEs to NFSv4.x ACLs. This allows you to monitor certain NFS file and directory access events for security purposes.

About this task

For NFSv4.x, both discretionary and system ACEs are stored in the same ACL. They are not stored in separate DACLs and SACLs. Therefore, you must exercise caution when adding audit ACEs to an existing ACL to avoid overwriting and losing an existing ACL. The order in which you add the audit ACEs to an existing ACL does not matter.

Steps
  1. Retrieve the existing ACL for the file or directory by using the nfs4_getfacl or equivalent command.

    For more information about manipulating ACLs, see the man pages of your NFS client.

  2. Append the desired audit ACEs.

  3. Apply the updated ACL to the file or directory by using the nfs4_setfacl or equivalent command.