由于缺少SACL、CIFS审核无法按预期工作

最后更新
另存为PDF

Views:: 24

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: nas

Last Updated:

适用场景

ONTAP 9
CIFS审核

问题描述

不会生成文件访问审核事件
- 可能会出现登录和注销事件
文件名未显示在审核事件中
vserver security file-directory 在卷或CIFS共享上不显示SACL

::> vserver security file-directory show -vserver svm_netapp -path /vol_netapp -instance

Vserver: svm_netapp

File Path: /vol_netapp

File Inode Number: 64

Security Style: ntfs

Effective Style: ntfs

DOS Attributes: 10

DOS Attributes in Text: ----D---

Expanded Dos Attributes: -

UNIX User Id: 0

UNIX Group Id: 0

UNIX Mode Bits: 777

UNIX Mode Bits in Text: rwxrwxrwx

ACLs: NTFS Security Descriptor

Control:0x9504

Owner:BUILTIN\Administrators

Group:BUILTIN\Administrators

DACL - ACEs

ALLOW-NT AUTHORITY\SYSTEM-0x1f01ff-OI|CI

ALLOW-BUILTIN\Administrators-0x1f01ff-OI|CI

ALLOW-Everyone-0x1f01ff-OI|CI

审核设置正确：

::*> vserver audit show -vserver svm1 -fields events vserver events ---------- -------------------------------------------------------------------------- svm1 file-ops,cifs-logon-logoff,user-account,security-group,audit-policy-change