* audit + php-fpm
@ 2013-10-05 22:45 ja ja
2013-10-07 18:45 ` Steve Grubb
0 siblings, 1 reply; 2+ messages in thread
From: ja ja @ 2013-10-05 22:45 UTC (permalink / raw)
To: linux-audit
[-- Attachment #1.1: Type: text/plain, Size: 359 bytes --]
Auditd can't catch changes make by php-fpm, when I use bash everything
works fine but when I use script like this :
<?php
mkdir('kat123');
?>
audit.log show nothing
This is my audit.rules :
-a exit,never -F dir=/var/www/temp/
-a exit,always -F dir=/var/www/ -F perm=wa -k www
How does PHP-FPM alter a file and escape detection by auditd? Is this
auditd bug.
[-- Attachment #1.2: Type: text/html, Size: 452 bytes --]
[-- Attachment #2: Type: text/plain, Size: 0 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: audit + php-fpm
2013-10-05 22:45 audit + php-fpm ja ja
@ 2013-10-07 18:45 ` Steve Grubb
0 siblings, 0 replies; 2+ messages in thread
From: Steve Grubb @ 2013-10-07 18:45 UTC (permalink / raw)
To: linux-audit
On Sunday, October 06, 2013 12:45:05 AM ja ja wrote:
> Auditd can't catch changes make by php-fpm, when I use bash everything
> works fine but when I use script like this :
> <?php
> mkdir('kat123');
> ?>
> audit.log show nothing
> This is my audit.rules :
> -a exit,never -F dir=/var/www/temp/
> -a exit,always -F dir=/var/www/ -F perm=wa -k www
> How does PHP-FPM alter a file and escape detection by auditd? Is this
> auditd bug.
Not knowing anything about php-fpm...is there any chance that the content it
accesses is outside of /var/www? Do you have any mount points or symlinks
somewhere in the /var/www/ directory tree?
-Steve
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2013-10-07 18:45 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-10-05 22:45 audit + php-fpm ja ja
2013-10-07 18:45 ` Steve Grubb
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.