0 оценок0% нашли этот документ полезным (0 голосов)
61 просмотров1 страница
Full monitoring of Samba users has been implemented at Bry-air. Samba logs can now be found in /var/log/samba-audit.log and home directories have sticky bits set so users can only modify their own files. Amit Sir has been asked to document this in the wiki for future reference.
Full monitoring of Samba users has been implemented at Bry-air. Samba logs can now be found in /var/log/samba-audit.log and home directories have sticky bits set so users can only modify their own files. Amit Sir has been asked to document this in the wiki for future reference.
Full monitoring of Samba users has been implemented at Bry-air. Samba logs can now be found in /var/log/samba-audit.log and home directories have sticky bits set so users can only modify their own files. Amit Sir has been asked to document this in the wiki for future reference.
Please note, I has implemented full monitoring of user(s) of samba at Bry-air wh
ich can be monitored via samba-audit.log in /var/log directory. Also in addition to it i have added sticky bit permission to home directory so that user can mod ified only their files respectively. Amit Sir- Please document this in wiki for future reference. STEPS: 1. Add the vfs objects section in /etc/samba/smb.conf -----------[global] ... other stuff ... # Full audit vfs object = full_audit full_audit:prefix = %u|%I|%m|%S full_audit:success = mkdir rmdir read pread write pwrite rename unlink full_audit:failure = connect full_audit:facility = local7 full_audit:priority = notice 2. Edit the file /etc/rsyslog.d/50-default.conf to don't send the audit log to / var/log/syslog: -------------# Change this line *.*;auth,authpriv.none -/var/log/syslog # To *.*;auth,authpriv.none,local7.none -/var/log/syslog 3. Then add the local7 log faciliy and put messages in /var/log/samba-audit.log: -------------# Add this line local7.notice /var/log/samba-audit.log 4. To totate the logs weekly add this section to /etc/logrotate.d/samba: -------------/var/log/samba-audit.log { weekly missingok rotate 7 postrotate reload rsyslog > /dev/null 2>&1 || true endscript compress notifempty } 5. Restart everything: -----------service rsyslog restart service smbd restart