Re: [Samba] Security Policy.

[Agustin Eguia]

I don't think that saying RTFM is the best approach... but anyway...
I already readed the manual and found the information given there  
somewhat confusing at least for people who hasn't been working with  
samba for a long time. I edited my smb.conf file and added the  
following lines :

[records]
        vfs objects = full_audit
        path = /shared/records
        full_audit:prefix = %u|%I|%T|%M|%m
        full_audit:success = open opendir read readdir rmdir sendfile  
write chmod chmod_acl chown connect disconnect mkdir
        full_audit:failure = all

I restarted the smb service but there are no log files to be found at  
the path I gave, am I missing something ? Also I don't know in the  
following line "full_audit:facility = LOCAL7" what LOCAL7 stands for.  
I tryed opening various files on the shares from another computer and  
nothing happened


Thanks,


A.


Le 15-juil.-09 à 21:52, Linux Addict a écrit :



On Wed, Jul 15, 2009 at 8:38 AM, Agustin Eguia <agustin.eg...@gmail.com 
> wrote:
Already did that,

What I don't get is where do I enable the module, is it in  
smb.conf ? I suppose it will run with the smbd daemon, and that I  
can define wich share will be logged... but I really don't know  
where to configure this.


Thanks,


A.


Le 15-juil.-09 à 14:33, Volker Lendecke a écrit :


On Wed, Jul 15, 2009 at 02:23:49PM +0200, Agustin Eguia wrote:
Can you be more explicit about this module ? I searched the net but
found only confusing things about it. Can it log every file, folder
read/write access on the share ? This is mostly for security  
purposes. I
found that this is a samba module, but how do I use it, set it up,  
etc.

Yes, it can log every file operation that Samba ever does.

"man vfs_full_audit"

contains an example of its use.

Volker

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Yes. Its on smb.conf and part of samba already. You dont need to  
enable anything.

Use smb.conf directive  "vfs objects = ".

     [records]
                path = /data/records
                vfs objects = full_audit
                full_audit:prefix = %u|%I
                full_audit:success = open opendir
                full_audit:failure = all
                full_audit:facility = LOCAL7
                full_audit:priority = ALERT

If you have any questions, please RTFM again.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba