[Samba] Security Policy.

Agustin Eguia agustin.eguia at gmail.com
Thu Jul 16 02:48:00 MDT 2009 

I don't think that saying RTFM is the best approach... but anyway...

I already readed the manual and found the information given there  
somewhat confusing at least for people who hasn't been working with  
samba for a long time. I edited my smb.conf file and added the  
following lines :

[records]
         vfs objects = full_audit
         path = /shared/records
         full_audit:prefix = %u|%I|%T|%M|%m
         full_audit:success = open opendir read readdir rmdir sendfile  
write chmod chmod_acl chown connect disconnect mkdir
         full_audit:failure = all

I restarted the smb service but there are no log files to be found at  
the path I gave, am I missing something ? Also I don't know in the  
following line "full_audit:facility = LOCAL7" what LOCAL7 stands for.  
I tryed opening various files on the shares from another computer and  
nothing happened


Thanks,


A.


Le 15-juil.-09 à 21:52, Linux Addict a écrit :

>
>
> On Wed, Jul 15, 2009 at 8:38 AM, Agustin Eguia <agustin.eguia at gmail.com 
> > wrote:
> Already did that,
>
> What I don't get is where do I enable the module, is it in  
> smb.conf ? I suppose it will run with the smbd daemon, and that I  
> can define wich share will be logged... but I really don't know  
> where to configure this.
>
>
> Thanks,
>
>
> A.
>
>
> Le 15-juil.-09 à 14:33, Volker Lendecke a écrit :
>
>
> On Wed, Jul 15, 2009 at 02:23:49PM +0200, Agustin Eguia wrote:
> Can you be more explicit about this module ? I searched the net but
> found only confusing things about it. Can it log every file, folder
> read/write access on the share ? This is mostly for security  
> purposes. I
> found that this is a samba module, but how do I use it, set it up,  
> etc.
>
> Yes, it can log every file operation that Samba ever does.
>
> "man vfs_full_audit"
>
> contains an example of its use.
>
> Volker
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
> Yes. Its on smb.conf and part of samba already. You dont need to  
> enable anything.
>
> Use smb.conf directive  "vfs objects = ".
>
>      [records]
>                 path = /data/records
>                 vfs objects = full_audit
>                 full_audit:prefix = %u|%I
>                 full_audit:success = open opendir
>                 full_audit:failure = all
>                 full_audit:facility = LOCAL7
>                 full_audit:priority = ALERT
>
> If you have any questions, please RTFM again.
>

More information about the samba mailing list