This document provides instructions for configuring Samba with audit trail capabilities on an Ubuntu server. It explains that an audit trail records a chronological sequence of activities to provide evidence of specific operations or events. The configuration example shows Samba settings that log file-sharing activity to a dedicated log file using the "full_audit" VFS object. It also shows how to edit the rsyslog configuration so that Samba audit messages are written to that file, and how to restart the services for the changes to take effect.
2. SAMBA
Samba is free software that implements the SMB/CIFS networking protocol. Samba was originally developed by Andrew Tridgell. In this presentation I will show a short configuration for setting up Samba with an audit trail, so that we can see user activity on our file server.
An audit trail is a security-relevant chronological record, set of records, and/or destination and source of records that provide documentary evidence of the sequence of activities that have affected, at any time, a specific operation, procedure, or event. Audit records typically result from activities such as financial transactions, scientific research and health care data transactions, or communications by individual people, systems, accounts, or other entities (Wikipedia).
Ali Rachman
3. SAMBA CONFIGURATION FOR AUDIT TRAIL
Example Configuration (in /etc/samba/smb.conf)

[global]
    workgroup = Workgroup
    server string = Samba Server Version %v
    netbios name = server-sharing
    security = share

[SHARE]
    path = /data
    public = yes
    browseable = yes
    read only = no
    force user = test
    force group = test
    vfs objects = full_audit
    full_audit:prefix = %u|%i|%m|%s
    full_audit:success = mkdir rename unlink rmdir pwrite
    full_audit:failure = none
    full_audit:facility = LOCAL6
    full_audit:priority = NOTICE

Notes on this example. "security = share" was removed in Samba 4.0; on a current Ubuntu release use "security = user" together with "map to guest = Bad User" if the share must stay open to guests. The values of full_audit:success are VFS operation names, and several of them were renamed in later Samba 4 releases (for example mkdir, rename and unlink became mkdirat, renameat and unlinkat), so check man vfs_full_audit for your version and run testparm before restarting. Because "force user = test" makes every connection run as the same Unix user, %u in the prefix will record "test" for everyone; %U records the name the client authenticated as, and %I (capital) is the client's IP address while %i is the server's own local address, so %U|%I|%m|%S gives a more useful prefix (user, client address, client name, share). Finally, "full_audit:failure = none" discards failed operations; logging failures for the sensitive operations (for example unlink and rmdir) is usually worth it for investigations.
4. Edit the file /etc/rsyslog.d/50-default.conf and add the following line. The rest of the file is shown for context; only the last rule (local6.*) is new:

# Default rules for rsyslog.
#
# For more information see rsyslog.conf(5) and /etc/rsyslog.conf
#
# First some standard log files. Log by facility.
#
auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog
#cron.*                         /var/log/cron.log
daemon.*                        -/var/log/daemon.log
kern.*                          -/var/log/kern.log
lpr.*                           -/var/log/lpr.log
mail.*                          -/var/log/mail.log
user.*                          -/var/log/user.log
local6.*                        -/var/log/samba/audit.log

The leading "-" in front of a file name tells rsyslog not to sync the file after every write. The directory /var/log/samba must exist (the samba package creates it). Because the "*.*" rule above still matches facility local6, every audit record will also be written to /var/log/syslog; add local6.none to that selector if you want the audit trail only in audit.log.
5. After that, run the following commands (on systemd-based Ubuntu releases the equivalent is "systemctl restart rsyslog smbd"):
#service rsyslog restart
#service smbd restart
You can then see the log in /var/log/samba:
#tail audit.log
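The slides stop at "tail audit.log". As an added example, not code from the original presentation, the following script contains two helpers for the procedure above: one that appends the local6 rule from step 4 without duplicating it, and a small awk-based reader for the audit.log produced in step 5 that counts operations per user and flags users whose successful deletes reach a threshold. It assumes the vfs_full_audit line shape "<syslog header> smbd_audit: <prefix>|<operation>|ok|<arguments>" with a four-field prefix (user, client IP, client name, share); the sample log lines are constructed for this example, not real captures.

```shell
#!/bin/sh
# Added example for this page, not code from the original slides.
#   add_rsyslog_rule                      - idempotently appends the local6 rule (step 4)
#   audit_records / audit_op_counts /
#   audit_flag_deletes                    - summarise the audit.log from step 5
# Assumption: audit lines have the vfs_full_audit shape
#   <syslog header> smbd_audit: <prefix>|<operation>|ok|<arguments...>
# with a four-field prefix (user|client-ip|client-name|share). The sample
# below is constructed for this example, not a real capture.

# Append the rsyslog selector that routes facility local6 to the Samba
# audit file, unless the given conf file already has a local6 rule.
# $1 = path of the rsyslog conf file (e.g. /etc/rsyslog.d/50-default.conf)
add_rsyslog_rule() {
    conf="$1"
    if grep -q '^local6\.\*' "$conf" 2>/dev/null; then
        return 0    # already present; do not duplicate the rule
    fi
    printf '%s\n' 'local6.*    -/var/log/samba/audit.log' >> "$conf"
}

# Constructed sample of /var/log/samba/audit.log (syslog header followed by
# the smbd_audit record; prefix fields are %U|%I|%m|%S).
AUDIT_SAMPLE='Jun  1 10:00:01 fs01 smbd_audit: alice|192.0.2.10|PC-ALICE|SHARE|mkdir|ok|reports
Jun  1 10:00:07 fs01 smbd_audit: alice|192.0.2.10|PC-ALICE|SHARE|pwrite|ok|reports/q1.xlsx
Jun  1 10:02:13 fs01 smbd_audit: bob|192.0.2.11|PC-BOB|SHARE|unlink|ok|old/a.doc
Jun  1 10:02:14 fs01 smbd_audit: bob|192.0.2.11|PC-BOB|SHARE|unlink|ok|old/b.doc
Jun  1 10:02:15 fs01 smbd_audit: bob|192.0.2.11|PC-BOB|SHARE|unlink|ok|old/c.doc
Jun  1 10:05:40 fs01 smbd_audit: alice|192.0.2.10|PC-ALICE|SHARE|rename|ok|reports/q1.xlsx|reports/2024-q1.xlsx'

# Read audit lines on stdin; print "user ip share op args" per record.
# Arguments beyond the first are joined with "|" (rename has old and new name).
audit_records() {
    awk -F'|' '
        /smbd_audit: / {
            sub(/^.*smbd_audit: /, "")      # drop the syslog header; re-splits $0 on "|"
            args = $7
            for (i = 8; i <= NF; i++) args = args "|" $i
            print $1, $2, $4, $5, args
        }'
}

# Count operations per user: prints "user op count", sorted.
audit_op_counts() {
    audit_records | awk '{ c[$1 " " $4]++ } END { for (k in c) print k, c[k] }' | sort
}

# Print "user count" for every user whose successful deletes reach $1.
# Matches both the old op name (unlink) and the newer unlinkat.
audit_flag_deletes() {
    threshold="$1"
    audit_records | awk -v t="$threshold" '
        $4 ~ /^unlink(at)?$/ { d[$1]++ }
        END { for (u in d) if (d[u] >= t) print u, d[u] }' | sort
}

# Stand-alone demonstration on the constructed sample.
printf '%s\n' "$AUDIT_SAMPLE" | audit_op_counts
printf '%s\n' "$AUDIT_SAMPLE" | audit_flag_deletes 3
```

On a real server, replace the sample with "audit_op_counts < /var/log/samba/audit.log"; the delete threshold is a starting point for a cron job or a SIEM rule, not a tuned detection.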
THANK YOU