Score:0

Auditing specific route table operations

ge flag

Does Linux have a way to audit operations run against a specific route table?

I have the following config in my custom route table:

default dev tun0 scope link
192.168.100.0/28 dev eth0 scope link

for an unknown reason some processes remove the default entry. I would like to find out the guilty.

Is there a way to audit operations run against a route table?

A.B avatar
cl flag
A.B
You can find *when* it happens simply with `ip -ts monitor route`. As it's related to addresses too, `ip -ts monitor` should be preferable (but with more output)
Score:1
cn flag

On Linux, if rtmon -ts was running when the change was made, that can tell you when and what, but not who. I doubt who is easy to get.

While you could go through login history and config file backups to try and piece together who, seems more useful to get a better change control procedure for the future.

Tell everyone that could have changed this how they overwrote your config. Get desired configuration into whatever automation tool you use. Log privilaged access. Personally, I would want to be accountable with a personal login, and have an answer for what I was doing in a sudo -u root -i session.


FYI, "Linux" is not specific enough. A wide variety of network management scripts and routing protocols for Linux exist, supporting every use case from servers (ifcfg scripts, systemd-networkd) to routers (VyOS, DANOS, OpenWRT) to desktops (NetworkManager via dbus).

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.