From: NeilBrown
To: Yongcheng Yang
Date: Tue, 02 Mar 2021 13:26:18 +1100
Cc: Steve Dickson, Linux NFS Mailing list
Subject: Re: [PATCH 0/5 v2] nfs-utils: provide audit-logging of NFSv4 access

On Mon, Mar 01 2021, Yongcheng Yang wrote:
> Hi NeilBrown,
>
> Shall we further add these 2 options (cache-use-ipaddr & ttl) with
> their default values to the file /etc/nfs.conf under section [mountd]?
> By which the users can find it easier to configure them.
>
> Also someone may check the mountd "Recognized values" from
> nfs.conf(5), the file systemd/nfs.conf.man may also need to be
> updated mentioning "cache-use-ipaddr" and "ttl" IMHO.

Excellent suggestion, thanks.
I've made those changes and will resend the series.

Thanks,
NeilBrown

>
> Thanks,
> Yongcheng
>
>
> On Mon, Mar 01, 2021 at 01:17:15PM +1100, NeilBrown wrote:
>> V1 of this series didn't update the usage() message for mountd,
>> and omitted the required ':' after the 'T' sort-option.  This
>> series fixes those two omissions.
>>
>> Original series comment:
>>
>> When NFSv3 is used mountd provides logs of successful and failed mount
>> attempts which can be used for auditing.
>> When NFSv4 is used there are no such logs as NFSv4 does not have a
>> distinct "mount" request.
>>
>> However mountd still knows about which filesystems are being accessed
>> from which clients, and can actually provide more reliable logs than it
>> currently does, though they must be more verbose - with periodic "is
>> being accessed" message replacing a single "was mounted" message.
>>
>> This series adds support for that logging, and adds some related
>> improvements to make the logs as useful as possible.
>>
>> NeilBrown
>>
>> ---
>>
>> NeilBrown (5):
>>       mountd: reject unknown client IP when !use_ipaddr.
>>       mountd: Don't proactively add export info when fh info is requested.
>>       mountd: add logging for authentication results for accesses.
>>       mountd: add --cache-use-ipaddr option to force use_ipaddr
>>       mountd: make default ttl settable by option
>>
>>
>>  support/export/auth.c      |  4 +++
>>  support/export/cache.c     | 32 +++++++++++------
>>  support/export/v4root.c    |  3 +-
>>  support/include/exportfs.h |  3 +-
>>  support/nfs/exports.c      |  4 ++-
>>  utils/mountd/mountd.c      | 30 +++++++++++++++-
>>  utils/mountd/mountd.man    | 70 ++++++++++++++++++++++++++++++++++++++
>>  7 files changed, 131 insertions(+), 15 deletions(-)
>>
>> --
>> Signature
>>