[PATCH] samba3 auditing server-side
Guenther Deschner
gd at samba.org
Wed Apr 12 11:12:54 GMT 2006
Hi,
On Wed, Apr 12, 2006 at 09:33:44AM +0200, Stefan (metze) Metzmacher wrote:
> Guenther Deschner schrieb:
> > Hi,
> >
> > Jeremy, Lars and me recently discussed how we could have exact tracking of
> > auditable events in the samba3 code. As we now understand better how to
> > remotely manage auditing policies, here is draft patch of how we could do
> > the server-side of auditing.
> >
> > The patch just works for ldapsam (the auditing settings are replicated
> > between DCs). That way, we could add the matching audit events with the
> > correct event IDs (which are mostly well known and documented) using
> > AUDIT_SUCCESS/AUDIT_FAILURE calls where appropriate in a very similar
> > manner as windows does.
> >
> > It would be then rather easy to have a kind of "audit backend" parameter
> > to send the audit events not only to the DEBUG macro but also to syslog or
> > any other kind of auditing framework.
>
> Hi Guenther,
>
> does this auditing also has to do with the SACL auditing or is this
> completly different?
It would just enable the SACL auditing (by enabling the
LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS category). The way we end up
implementing SACLs is completly independent from the policy
infrastructure which would just control: "do SACL auditing for success,
failure, both or not at all".
> Does Windows machines return NT_STATUS_AUDIT_FAILED to the client,
> if the auditing fails?
This I don't know yet, that was just a wild guess. Maybe
NT_STATUS_AUDIT_FAILED will be returned when the eventlog is full and has
to shutdown. This needs research.
> Maybe AUDIT_SUCCESS() and AUDIT_FAILURE() should
> be just void functions...
Yep, that's right.
Thanks,
Guenther
--
Günther Deschner GPG-ID: 8EE11688
Novell / SUSE LINUX gd at suse.de
Samba Team gd at samba.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20060412/e3293b40/attachment.bin
More information about the samba-technical
mailing list