Auditing specific route table operations

Mazzy

12/6/22, 11:04 PM

Does Linux have a way to audit operations run against a specific route table?

I have the following config in my custom route table:

default dev tun0 scope link
192.168.100.0/28 dev eth0 scope link

for an unknown reason some processes remove the default entry. I would like to find out the guilty.

Is there a way to audit operations run against a route table?

1 + 1

route

iproute2

A.B

12/8/22, 12:56 AM

You can find *when* it happens simply with `ip -ts monitor route`. As it's related to addresses too, `ip -ts monitor` should be preferable (but with more output)

Score:1

Server

John Mahowald

12/8/22, 6:03 PM

On Linux, if rtmon -ts was running when the change was made, that can tell you when and what, but not who. I doubt who is easy to get.

While you could go through login history and config file backups to try and piece together who, seems more useful to get a better change control procedure for the future.

Tell everyone that could have changed this how they overwrote your config. Get desired configuration into whatever automation tool you use. Log privilaged access. Personally, I would want to be accountable with a personal login, and have an answer for what I was doing in a sudo -u root -i session.

FYI, "Linux" is not specific enough. A wide variety of network management scripts and routing protocols for Linux exist, supporting every use case from servers (ifcfg scripts, systemd-networkd) to routers (VyOS, DANOS, OpenWRT) to desktops (NetworkManager via dbus).

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Auditing specific route table operations

TH: ตรวจสอบการดำเนินงานตารางเส้นทางเฉพาะ

RO: Auditarea operațiunilor specifice tabelului de rute

RU: Аудит определенных операций с таблицей маршрутов

VI: Kiểm tra các hoạt động của bảng lộ trình cụ thể

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.