Your message dated Mon, 14 Nov 2022 17:31:28 +0300
with message-id <[email protected]>
and subject line Re: Bug#1007835: samba: Full audit logs all activity instead
of selected only -- error after upgrade from buster to bullseye
has caused the Debian Bug report #1007835,
regarding samba: Full audit logs all activity instead of selected only -- error
after upgrade from buster to bullseye
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1007835: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007835
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: samba
Version: 2:4.13.13+dfsg-1~deb11u3
Severity: normal
After the upgrade from buster to bullseye, samba full audit started to log ALL
activity even though the options in /etc/samba/smb.conf stayed the same.
There are two options in /etc/samba/smb.conf
vfs objects = full_audit
full_audit:success = mkdir rmdir open rename unlink
Then I rename file from "old" to "new" and logs show:
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|renameat|ok|/home/leszek/Prywatny/aa/old|/home/leszek/Prywatny/aa/new
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|close|ok|/home/leszek/Prywatny/aa/new
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|stat|ok|/home/leszek/Prywatny/aa/new
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|getxattr|ok|/home/leszek/Prywatny/aa/new|user.DOSATTRIB
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|get_dos_attributes|ok|/home/leszek/Prywatny/aa/new
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|file_id_create|ok|26:54616484:0
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|stat|ok|/home/leszek/Prywatny/aa/new
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|sys_acl_get_file|ok|/home/leszek/Prywatny/aa/new
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|sys_acl_get_file|ok|/home/leszek/Prywatny/aa/new
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|get_nt_acl_at|ok|/home/leszek/Prywatny/aa/new
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|stat|ok|/home/leszek/Prywatny/aa/new
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|sys_acl_get_file|ok|/home/leszek/Prywatny/aa/new
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|sys_acl_get_file|ok|/home/leszek/Prywatny/aa/new
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|get_nt_acl_at|ok|/home/leszek/Prywatny/aa/new
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|file_id_create|ok|26:54616484:0
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|stat|ok|/home/leszek/Prywatny
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|file_id_create|ok|26:64129:0
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|stat|ok|/home/leszek/Prywatny
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|chdir|ok|chdir|/home/leszek/Prywatny/aa/new
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|stat|ok|/home/leszek/Prywatny
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|file_id_create|ok|26:54616484:0
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|getwd|ok|/home/leszek/Prywatny/aa/new
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|file_id_create|ok|26:54616484:0
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|realpath|ok|/home/leszek/Prywatny/aa/new
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|connectpath|ok|/home/leszek/Prywatny/aa/new
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|openat|ok|r|/home/leszek/Prywatny/aa/new
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|chdir|ok|chdir|/home/leszek/Prywatny
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|stat|ok|/home/leszek/Prywatny/aa/new
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|file_id_create|ok|26:64129:0
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|stat|ok|/home/leszek/Prywatny
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|fstat|ok|/home/leszek/Prywatny/aa/new
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|create_file|ok|0x80|file|open|/home/leszek/Prywatny/aa/new
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|getxattr|ok|/home/leszek/Prywatny/aa/new|user.DOSATTRIB
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|get_dos_attributes|ok|/home/leszek/Prywatny/aa/new
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|get_alloc_size|ok|0
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|fstat|ok|/home/leszek/Prywatny/aa/new
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|file_id_create|ok|26:54616484:0
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|getxattr|ok|/home/leszek/Prywatny/aa/new|user.DOSATTRIB
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|get_dos_attributes|ok|/home/leszek/Prywatny/aa/new
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|get_alloc_size|ok|0
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|fs_file_id|ok|10992394656229373408
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|flistxattr|ok|/home/leszek/Prywatny/aa/new
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|close|ok|/home/leszek/Prywatny/aa/new
-- Package-specific info:
* /etc/samba/smb.conf present, and attached
* /var/lib/samba/dhcp.conf present, and attached
-- System Information:
Debian Release: 11.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-12-amd64 (SMP w/8 CPU threads)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages samba depends on:
ii adduser 3.118
ii dpkg 1.20.9
ii init-system-helpers 1.60
ii libbsd0 0.11.3-1
ii libc6 2.31-13+deb11u2
ii libgnutls30 3.7.1-5
ii libldb2 2:2.2.3-2~deb11u1
ii libpam-modules 1.4.0-9+deb11u1
ii libpam-runtime 1.4.0-9+deb11u1
ii libpopt0 1.18-2
ii libpython3.9 3.9.2-1
ii libtalloc2 2.3.1-2+b1
ii libtasn1-6 4.16.0-2
ii libtdb1 1.4.3-1+b1
ii libtevent0 0.10.2-1
ii libwbclient0 2:4.13.13+dfsg-1~deb11u3
ii lsb-base 11.1.0
ii procps 2:3.3.17-5
ii python3 3.9.2-3
ii python3-dnspython 2.0.0-1
ii python3-samba 2:4.13.13+dfsg-1~deb11u3
ii samba-common 2:4.13.13+dfsg-1~deb11u3
ii samba-common-bin 2:4.13.13+dfsg-1~deb11u3
ii samba-libs 2:4.13.13+dfsg-1~deb11u3
ii tdb-tools 1.4.3-1+b1
Versions of packages samba recommends:
pn attr <none>
ii logrotate 3.18.0-2
pn python3-markdown <none>
pn samba-dsdb-modules <none>
ii samba-vfs-modules 2:4.13.13+dfsg-1~deb11u3
Versions of packages samba suggests:
ii bind9 1:9.16.22-1~deb11u1
ii bind9-utils [bind9utils] 1:9.16.22-1~deb11u1
pn ctdb <none>
pn ldb-tools <none>
ii ntp 1:4.2.8p15+dfsg-1
pn smbldap-tools <none>
pn ufw <none>
pn winbind <none>
-- Configuration Files:
/etc/logrotate.d/samba changed:
/var/log/samba/log.smbd {
daily
missingok
rotate 90
postrotate
[ ! -x /usr/bin/smbcontrol ] || [ ! -f /run/samba/smbd.pid ] || /usr/bin/smbcontrol smbd reload-config
endscript
compress
delaycompress
notifempty
}
/var/log/samba/log.nmbd {
daily
missingok
rotate 90
postrotate
[ ! -x /usr/bin/smbcontrol ] || [ ! -f /run/samba/nmbd.pid ] || /usr/bin/smbcontrol nmbd reload-config
endscript
compress
delaycompress
notifempty
}
/var/log/samba/log.samba {
daily
missingok
rotate 90
postrotate
if [ -d /run/systemd/system ] && command systemctl >/dev/null 2>&1 && systemctl is-active --quiet samba-ad-dc; then
systemctl kill --kill-who all --signal=SIGHUP samba-ad-dc
elif [ -f /run/samba/samba.pid ]; then
# This only sends to main pid, See #803924
kill -HUP `cat /run/samba/samba.pid`
fi
endscript
compress
delaycompress
notifempty
}
-- debconf information:
* samba/tdbsam: true
samba/nmbd_from_inetd:
samba/generate_smbpasswd: false
* samba/log_files_moved:
samba-common/title:
* samba/run_mode: daemons
--- End Message ---
--- Begin Message ---
Version: 2:4.16.0+dfsg-1
On Fri, 18 Mar 2022 08:58:55 +1300 Andrew Bartlett <[email protected]> wrote:
> The names of the functions changed. Ideally we would have had an alias
> when we added to "at" to the end, but nobody added that
> ...
> This should be correct in the docs now, at least for current versions
> (I've not checked 4.13).
Let's close this bug report now, personally I see no reason to keep it open.
Things do change, and some specific things like syscall-level audit need
adjustments; this is quite normal I'd say, including the aliases for functions
used in the past.
If you think this is incorrect, feel free to reopen this bug report.
Thanks,
/mjt
--- End Message ---
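
Added example (not part of the bug report and not Samba code): a post-upgrade check that compares the full_audit:success list with the operation names that actually appear in smbd_audit records, flagging selected names that now show up only with an "at" suffix. It assumes the user|ip|operation|result|args record layout seen in the report; the function names and the sample inputs are constructed for illustration.

```python
import re

# Constructed inputs: the two smb.conf lines and three audit records from the
# report above, with each wrapped record joined back onto one line.
SAMPLE_CONF = """\
[global]
vfs objects = full_audit
full_audit:success = mkdir rmdir open rename unlink
"""
SAMPLE_LOG = """\
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|renameat|ok|/home/leszek/Prywatny/aa/old|/home/leszek/Prywatny/aa/new
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|stat|ok|/home/leszek/Prywatny/aa/new
Mar 17 16:40:27 wawel smbd_audit: leszek|192.168.18.35|openat|ok|r|/home/leszek/Prywatny/aa/new
"""

# Assumed record layout (as in the report): user|ip|operation|result|args
RECORD = re.compile(r"smbd_audit:\s*([^|]*)\|([^|]*)\|([^|]+)\|(ok|fail[^|]*)(?:\|(.*))?$")


def configured_ops(conf_text, key="full_audit:success"):
    """Return the operation names listed for `key`, ignoring comment lines."""
    ops = []
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith(("#", ";")) or "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        if name.lower() == key:
            ops = re.split(r"[,\s]+", value)
    return [op for op in ops if op]


def observed_ops(log_text):
    """Return the set of operation names found in smbd_audit records."""
    found = set()
    for line in log_text.splitlines():
        match = RECORD.search(line)
        if match:
            found.add(match.group(3))
    return found


def filter_drift(conf_text, log_text):
    """Compare the selected operations with what was actually logged."""
    selected = set(configured_ops(conf_text))
    seen = observed_ops(log_text)
    # A selected name that is never logged while name+"at" is logged points
    # at a renamed operation rather than at an operation that did not occur.
    renamed = {op: op + "at" for op in sorted(selected - seen) if op + "at" in seen}
    return {"renamed": renamed, "unselected_logged": sorted(seen - selected)}
```

A non-empty unselected_logged list means the filter is not being applied as written; the renamed mapping shows which entries to review against the vfs_full_audit documentation for the installed version.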