[Samba] monitoring file access levels?
carl at bl.echidna.id.au
Thu May 15 01:22:49 GMT 2008
Michael Heydon wrote:
> Sorry, missed the list.
> There is already an audit VFS module. I don't think it will do quite
> what you want, but I think it would be a better place to start than the
> standard log files.
I've been trying to get that working with the following in the general
section of smb.conf :
log level = 0 vfs:2
log file = /var/log/samba/%U.%m.log
vfs objects = audit
# Put a capping on the size of the log files (in Kb).
max log size = 0
but so far it doesn't seem to be logging what I expected it to (ie:
> You aren't going to prevent access once they reach some limit are you?
> you are just going to email the boss or something? (I would hate to be
> working on some big project, hit the limit and find myself unable to
> save all my work).
Heh, no .. that's what he wants but not what he's getting, he'll get an
alert, that's all. I know this is crazy, but it is his server, so it is
> Also, things like Windows' "search for words in a file" tool will
> basically transfer everything to the client machine, so just remind him
> that monitoring traffic alone is a poor indicator of what is going on.
> Would it be possible to disable USB storage devices and CD/DVD burners
> so they can't get the data onto removable media instead?
Not really, he's just gone a bit paranoid of late, the best solution is
some sort of encryption I think, or just for him to realise that he has
to trust his staff.
More information about the samba