Re: audit + php-fpm
On Sunday, October 06, 2013 12:45:05 AM ja ja wrote:
Auditd can't catch changes make by php-fpm, when I use bash
everything
works fine but when I use script like this :
<?php
mkdir('kat123');
?>
audit.log show nothing
This is my audit.rules :
-a exit,never -F dir=/var/www/temp/
-a exit,always -F dir=/var/www/ -F perm=wa -k www
How does PHP-FPM alter a file and escape detection by auditd? Is this
auditd bug.
Not knowing anything about php-fpm...is there any chance that the content it
accesses is outside of /var/www? Do you have any mount points or symlinks
somewhere in the /var/www/ directory tree?
-Steve