Hi to all!
I'm trying to enable Samba audit. After searching a little I found two interesting posts,
http://forums.contribs.org/index.php?topic=46444.0 and
http://forums.contribs.org/index.php?topic=35872.0, and I tried to use them to enable Samba audit, but with no luck. After digging some more I found my problem: I use a contrib (SharedFolder) to share documents, but the posts above are for standard i-bays.
Then, after reading
http://a32.me/2009/10/samba-audit-trail/, I chose to modify smb.conf myself.
I found that the SharedFolder contrib creates a template named 90shares in /etc/e-smith/templates/etc/smb.conf/, and I modified it from
{
    # Template fragment: walk every accounts-database record of type 'share'
    # and append either its rendered smb.conf section or a "disabled" comment
    # to the template output.
    use esmith::AccountsDB;

    my $accounts = esmith::AccountsDB->open_ro();

    for my $share ( $accounts->get_all_by_prop( type => 'share' ) ) {
        # A record without an smbAccess property is treated as 'browseable'.
        my $access = $share->prop('smbAccess') || 'browseable';

        # The pattern is only anchored at the end, so any value that ends in
        # 'browseable' counts as an exported share.
        unless ( $access =~ /browseable$/ ) {
            $OUT .= "# " . $share->key . " access is disabled\n";
            next;
        }

        # Render the per-share sub-template to a string, handing it the
        # share record.
        my $section = esmith::templates::processTemplate(
            {
                MORE_DATA     => { share => $share },
                TEMPLATE_PATH => "/etc/smb.conf/shares",
                OUTPUT_TYPE   => 'string',
            }
        );
        $OUT .= $section;
    }
}
to
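{
    # Template fragment: walk every accounts-database record of type 'share',
    # append its rendered smb.conf section and, for exported shares only,
    # a set of full_audit options.
    #
    # NOTE(review): the full_audit:* parameters are options of Samba's
    # full_audit VFS module. They are only consulted when the share loads the
    # module with a "vfs objects = full_audit" line, and this fragment does
    # not emit one. Unless the /etc/smb.conf/shares template adds it, no audit
    # records will be produced.
    use esmith::AccountsDB;

    my $accounts = esmith::AccountsDB->open_ro();

    for my $share ( $accounts->get_all_by_prop( type => 'share' ) ) {
        # A record without an smbAccess property is treated as 'browseable'.
        my $access = $share->prop('smbAccess') || 'browseable';

        # Disabled shares only get a comment line. Skipping here keeps the
        # audit options from being written after that comment, where smb.conf
        # would attach them to whichever section came before.
        unless ( $access =~ /browseable$/ ) {
            $OUT .= "# " . $share->key . " access is disabled\n";
            next;
        }

        # Render the per-share sub-template to a string, handing it the
        # share record.
        my $section = esmith::templates::processTemplate(
            {
                MORE_DATA     => { share => $share },
                TEMPLATE_PATH => "/etc/smb.conf/shares",
                OUTPUT_TYPE   => 'string',
            }
        );
        $OUT .= $section;

        # Audit options for the section just written.
        #  - prefix:  %u, %I and %S are the smb.conf substitutions for the
        #             user name, the client IP address and the share name.
        #  - failure: only failed connects are listed, so a denied open,
        #             write or unlink is not recorded with these settings.
        #  - facility/priority: records go to syslog as local5.notice; where
        #             they land depends on the syslog configuration, so check
        #             that local5.notice is routed to a file.
        $OUT .= join(
            "\n",
            '# Audit settings',
            'full_audit:prefix = %u|%I|%S',
            'full_audit:failure = connect',
            'full_audit:success = opendir mkdir rmdir open write rename unlink',
            'full_audit:facility = local5',
            'full_audit:priority = notice',
            '',
        );
    }
}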
Then I ran /sbin/e-smith/expand-template /etc/smb.conf, and when I look at my smb.conf it looks like this:
# Please read the developer's guide, which is available
# at http://www.contribs.org/development/
#
# Copyright (C) 1999-2006 Mitel Networks Corporation
#------------------------------------------------------------
[global]
add machine script = /sbin/e-smith/signal-event machine-account-create '%u'
bind interfaces only = yes
case sensitive = no
deadtime = 10080
display charset = ISO8859-1
dns proxy = no
domain logons = yes
domain master = yes
dos charset = 850
encrypt passwords = yes
guest account = public
guest ok = no
hosts allow = 127.0.0.1 192.168.1.0/255.255.255.0 192.168.2.0/255.255.255.0
interfaces = 127.0.0.1 192.168.1.10/255.255.255.0
log file = /var/log/samba/log.%m
logon drive = Z:
logon home = \\%L\%U\._winprofile
logon path = \\%L\Profiles\%U
logon script = netlogon.bat
map to guest = never
max log size = 50
name resolve order = wins lmhosts bcast
netbios name = server-sme
oplocks = true
kernel oplocks = true
level2 oplocks = true
os level = 65
passdb backend = smbpasswd:/etc/samba/smbpasswd
pid directory = /var/run
preferred master = yes
preserve case = yes
private dir = /etc/samba
security = user
server string = SME Server
short preserve case = yes
smb passwd file = /etc/samba/smbpasswd
smb ports = 139
socket options = TCP_NODELAY
strict locking = no
unix charset = UTF8
unix password sync = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
check password script = /sbin/e-smith/samba_check_password
unix extensions = no
wins support = yes
workgroup = test.local
printcap name = /etc/printcap
load printers = yes
printing = lprng
print command = /usr/bin/lpr -b -h -r -P%p %s
[homes]
comment = Home directory
browseable = no
guest ok = no
read only = no
writable = yes
printable = no
create mode = 0660
force create mode = 0660
directory mode = 0770
force directory mode = 0770
path = /home/e-smith/files/users/%S/home
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
use client driver = yes
[Profiles]
path = /home/e-smith/files/samba/profiles
writeable = yes
browseable = no
create mask = 0600
directory mask = 0700
csc policy = disable
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
[netlogon]
comment = Network Logon Service
path = /home/e-smith/files/samba/netlogon
guest ok = yes
writable = yes
browseable = no
[print$]
comment = Printer drivers
path = /home/e-smith/files/samba/printers
guest ok = yes
browseable = yes
writable = no
[Primary]
comment = Primary i-bay
path = /home/e-smith/files/ibays/Primary
read only = no
writable = yes
printable = no
inherit permissions = yes
create mode = 0640
[condivisa]
comment = condivisa
path = /home/e-smith/files/shares/condivisa/files
read only = no
writable = yes
printable = no
inherit permissions = yes
create mode = 0660
# Audit settings
# NOTE(review): this section has no "vfs objects = full_audit" line, so the
# full_audit VFS module is not loaded for the share and the options below
# are not used.
full_audit:prefix = %u|%I|%S
full_audit:failure = connect
full_audit:success = opendir mkdir rmdir open write rename unlink
full_audit:facility = local5
full_audit:priority = notice
[dati-privati]
comment = dati privati
path = /home/e-smith/files/shares/dati-privati/files
read only = no
writable = yes
printable = no
inherit permissions = yes
create mode = 0660
# Audit settings
# NOTE(review): this section has no "vfs objects = full_audit" line, so the
# full_audit VFS module is not loaded for the share and the options below
# are not used.
full_audit:prefix = %u|%I|%S
full_audit:failure = connect
full_audit:success = opendir mkdir rmdir open write rename unlink
full_audit:facility = local5
full_audit:priority = notice
[datipubblici]
comment = dati pubbilici
path = /home/e-smith/files/shares/datipubblici/files
read only = no
writable = yes
printable = no
inherit permissions = yes
create mode = 0660
# Audit settings
# NOTE(review): this section has no "vfs objects = full_audit" line, so the
# full_audit VFS module is not loaded for the share and the options below
# are not used.
full_audit:prefix = %u|%I|%S
full_audit:failure = connect
full_audit:success = opendir mkdir rmdir open write rename unlink
full_audit:facility = local5
full_audit:priority = notice
But when I look at /var/log/messages there isn't any Samba log entry.
I'm testing it on 8.0Beta6.
Any suggestion?
Thanks!