[Samba] samba file access rate limiting
jra at samba.org
Tue Dec 6 17:45:10 UTC 2022
On Tue, Dec 06, 2022 at 01:44:09PM +0100, Petr via samba wrote:
>I have one share with sensitive data and there is many employees with
>access to that share. I need to ban users trying to copy files from
>share to other place but users normally editing files left without any
>I want to set proper logging and set fail2ban to ban user accessing
>too many files in some time limit.
>I have not find solution how to set samba to log every file access.
>The current configuration snippet is below.
>vfs objects = full_audit
>full_audit:prefix = %u|%I
>full_audit:success = create_file
>Problem is that it logs directory access too and sometimes it
>generates many duplicite lines and it will be hard to define correct
>regex for fail2ban.
>Do you have any advice how to properly set file reading logging?
How can you tell the difference between users copying
files and users who are editing in place ?
I must confess I can't see how you're going to do
this even with perfect logging. Doesn't it depend
on the editor the clients are using too ?
Can you explain a little more ?
More information about the samba