NFS Share Monitoring
GuardMode supports monitoring of NFS (Network File System) shares.
Setting up NFS share monitoring
To enable NFS share monitoring:
- Mount NFS Share: Ensure the NFS share is correctly mounted on the NFS client machine.
- Restart Auditd: After mounting, restart the audit daemon using the following command:
systemctl restart auditd
NFS share monitoring troubleshooting
If events related to the NFS share are not appearing in the event reports, verify the audit system's status by running:
auditctl -s
Ensure the value enabled is set to 1, indicating active monitoring.
Tip.
Ifenabled is set to 2, reloading audit rules using systemctl restart auditd will not work.