Hi
I'd like to know if someone know how to enable samba audit.
I see on a Brazilian site (
http://www.dicas-l.com.br/dicas-l/20050308.php )
Important things for those do not speak Portuguese:
Edit o smb.conf to add line "vfs object = audit" on share to have audit:
[documents]
comment = documents
path = /home/documents
writable = yes
browseable = yes
admin users = renato
vfs object = auditTo audit the share must add this line on syslog.conf
#Samba audit user.*;user.!warn;authpriv.none;cron.none;mail.none;news.none /var/log/samba/audit.log
Log sample (/var/log/samba/audit.log)
Oct 26 17:54:52 server smbd_audit[7496]: connect to service documentos by user renato
Oct 26 17:54:52 server smbd_audit[7496]: opendir ./
Oct 26 17:55:08 server smbd_audit[7496]: opendir documentos
Oct 26 17:55:15 server smbd_audit[7496]: unlink ./arquivo.txt
There are a package to audit logs named smbd_audit.
It's like a SARG to Samba (requires just PHP + perl).
It's a cron script to get data from audit.log e save to Mysql.
More info at:
http://sourceforge.net/projects/smbdaudit/My first tought was to do just like we do for RecycleBin:
db accounts <ibayname> setprop vfs object audit
signal-event ibay-modify <ibayname>
Not sure if it would work... RecycleBin was just
RecycleBin enable and this one has a double word with a parameter and not just enable.
I'm without a test machine to try it and going to vacancy in 36 hours...
not a good time to make tests on my server.
Any thoughts are welcome.
Thanks
Jáder
3 Replies
3631 Views