Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp162012pxb; Wed, 24 Feb 2021 22:06:07 -0800 (PST) X-Google-Smtp-Source: ABdhPJx7De0D2jM2uCxALupRBxKlQ9rcpsV9tCgK9d8SMtmtw8TimZlSUKDSqdANKI4lI9JbJaO0 X-Received: by 2002:a05:6402:3582:: with SMTP id y2mr1284139edc.345.1614233167662; Wed, 24 Feb 2021 22:06:07 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1614233167; cv=none; d=google.com; s=arc-20160816; b=ZDB5/PuVXLq2DNP1d+Z2OmT/ItWMwtdILZWgKI+QnkXO8fFKAZHS5H8NTtqOKr/lY6 LjdWkri7If54NwjW1+/vtqQp8g4JK2iqMGCOTeT8y/kWIMU2qzG4OFgUr+04/MJ+WO51 +lTRuOYQsn7dCBsEAU6nyF+iN8VdTg9AHNxlqIxjjP2eGWWOmntmnZPTD3m+bJEPhaP0 I3yhdGAxaFXMWrSaXhYdOahBgC4qansgF+QvimaJRI1rBJVIKbKZpUZXifZ8rGm139X4 VM30G/zYUtBTZlvuRGCUn0wQ4GizYum7z/A5KFcsJJqgJbGEs/+SWzWkd3YWEzIb5fbu bDMw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:message-id:cc:subject:date:to:from; bh=EhnlD3wndELAzj7V8dp41LZASgyswAND5fteq6FYXSw=; b=F2PuGLB9hCIeCjF4t3Law09qpfZsR86B/ayQZ2xDKJwHuIv5zizqKfp+YElGhkSPpv +p9Z3WeCd/X/cXPr0tC3B+RYws8VLmwmvTl2ac+iBzKvTFDerS4lBz6HgUVCFYrERedq 2cJY6kc0s2XnvguPQjQRiENqH51Me1K4CQ42U0dSFEM8mFnjLtYSr0V7Yx0jercbYbDV jW+o13jEZL1MB2B8wSuP+GXQ4C2Hcyo9e+VZP/8zFxEXzajHS46bdDPRVWdrDbf3jiE3 53Znm61GZiYpr3bAuEVympvFm3KKRYkO7zQq+jWpxvo+BHnpa4EgmCfFp/A953VmNk9L +9Iw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id s11si2639858edr.584.2021.02.24.22.05.45; Wed, 24 Feb 2021 22:06:07 -0800 (PST) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236765AbhBYCny (ORCPT + 99 others); Wed, 24 Feb 2021 21:43:54 -0500 Received: from mx2.suse.de ([195.135.220.15]:41930 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234384AbhBYCnx (ORCPT ); Wed, 24 Feb 2021 21:43:53 -0500 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id A73E5AD5C; Thu, 25 Feb 2021 02:43:10 +0000 (UTC) From: NeilBrown To: Steve Dickson Date: Thu, 25 Feb 2021 13:42:47 +1100 Subject: [PATCH 0/5] nfs-utils: provide audit-logging of NFSv4 access Cc: Linux NFS Mailing list Message-ID: <161422077024.28256.15543036625096419495.stgit@noble> User-Agent: StGit/0.23 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org When NFSv3 is used mountd provides logs of successful and failed mount attempts which can be used for auditing. When NFSv4 is used there are no such logs as NFSv4 does not have a distinct "mount" request. However mountd still knows about which filesysytems are being accessed from which clients, and can actually provide more reliable logs than it currently does, though they must be more verbose - with periodic "is being accessed" message replacing a single "was mounted" message. This series adds support for that logging, and adds some related improvements to make the logs as useful as possible. NeilBrown --- NeilBrown (5): mountd: reject unknown client IP when !use_ipaddr. mountd: Don't proactively add export info when fh info is requested. mountd: add logging for authentication results for accesses. mountd: add --cache-use-ipaddr option to force use_ipaddr mountd: make default ttl settable by option support/export/auth.c | 4 +++ support/export/cache.c | 32 +++++++++++------ support/export/v4root.c | 3 +- support/include/exportfs.h | 3 +- support/nfs/exports.c | 4 ++- utils/mountd/mountd.c | 29 +++++++++++++++- utils/mountd/mountd.man | 70 ++++++++++++++++++++++++++++++++++++++ 7 files changed, 130 insertions(+), 15 deletions(-) -- Signature