NFS Share Monitoring

GuardMode supports monitoring of NFS (Network File System) shares.

To enable NFS share monitoring:

Mount NFS Share: Ensure the NFS share is correctly mounted on the NFS client machine.
Restart Auditd: After mounting, restart the audit daemon using the following command:

systemctl restart auditd

If events related to the NFS share are not appearing in the event reports, verify the audit system's status by running:

auditctl -s

Ensure the value enabled is set to 1, indicating active monitoring.

Tip. Ifenabled is set to 2, reloading audit rules using systemctl restart auditd will not work.

Last updated 1 month ago