[Samba] Security Policy.
Agustin Eguia
agustin.eguia at gmail.com
Thu Jul 16 02:48:00 MDT 2009
I don't think that saying RTFM is the best approach... but anyway...
I already readed the manual and found the information given there
somewhat confusing at least for people who hasn't been working with
samba for a long time. I edited my smb.conf file and added the
following lines :
[records]
vfs objects = full_audit
path = /shared/records
full_audit:prefix = %u|%I|%T|%M|%m
full_audit:success = open opendir read readdir rmdir sendfile
write chmod chmod_acl chown connect disconnect mkdir
full_audit:failure = all
I restarted the smb service but there are no log files to be found at
the path I gave, am I missing something ? Also I don't know in the
following line "full_audit:facility = LOCAL7" what LOCAL7 stands for.
I tryed opening various files on the shares from another computer and
nothing happened
Thanks,
A.
Le 15-juil.-09 à 21:52, Linux Addict a écrit :
>
>
> On Wed, Jul 15, 2009 at 8:38 AM, Agustin Eguia <agustin.eguia at gmail.com
> > wrote:
> Already did that,
>
> What I don't get is where do I enable the module, is it in
> smb.conf ? I suppose it will run with the smbd daemon, and that I
> can define wich share will be logged... but I really don't know
> where to configure this.
>
>
> Thanks,
>
>
> A.
>
>
> Le 15-juil.-09 à 14:33, Volker Lendecke a écrit :
>
>
> On Wed, Jul 15, 2009 at 02:23:49PM +0200, Agustin Eguia wrote:
> Can you be more explicit about this module ? I searched the net but
> found only confusing things about it. Can it log every file, folder
> read/write access on the share ? This is mostly for security
> purposes. I
> found that this is a samba module, but how do I use it, set it up,
> etc.
>
> Yes, it can log every file operation that Samba ever does.
>
> "man vfs_full_audit"
>
> contains an example of its use.
>
> Volker
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
> Yes. Its on smb.conf and part of samba already. You dont need to
> enable anything.
>
> Use smb.conf directive "vfs objects = ".
>
> [records]
> path = /data/records
> vfs objects = full_audit
> full_audit:prefix = %u|%I
> full_audit:success = open opendir
> full_audit:failure = all
> full_audit:facility = LOCAL7
> full_audit:priority = ALERT
>
> If you have any questions, please RTFM again.
>
More information about the samba
mailing list