Short samba tutorial with audit trail function

  • 249 views
Uploaded on

This presentation will explain about how to make samba configuration with audit trail function, so we can track file sharing history

This presentation will explain about how to make samba configuration with audit trail function, so we can track file sharing history

More in: Self Improvement
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
249
On Slideshare
0
From Embeds
0
Number of Embeds
1

Actions

Shares
Downloads
2
Comments
0
Likes
1

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. SAMBA WITH AUDIT TRAIL ADDITIONAL CONFIGURATION FOR SAMBA (UBUNTU SERVER) Ali Rachman
  • 2. SAMBA Samba is free software that use SMB/CIFS networking protocol. Samba originally developed by Andrew Tridgell. In this presentation, I will show you a short configuration for configuring samba with audit trail, so we can know user activity within our file server. Audit trail is security-relevant chronological record, set of records, and/or destination and source of record that provide documentary evidence of the sequence of activities that have affected at any time a specific operation, procedure, or event. Audit records typically result from activities such as financial transaction, scientific research and health care data transaction, or communications by individual people, systems, accounts, or other entities (Wikipedia) Ali Rachman
  • 3. SAMBA CONFIGURATION FOR AUDIT TRAIL Example Configuration [global] workgroup = Workgroup server string = Samba Server Version %v netbios name = server-sharing security = share [SHARE] path = /data public = yes browseable = yes read only = no force user = test force group = test vfs objects = full_audit full_audit:prefix = %u|%i|%m|%s full_audit:success = mkdir rename unlink rmdir pwrite full_audit:failure = none full_audit:facility = LOCAL6 Ali Rachman full_audit:priority = NOTICE
  • 4. Edit file /etc/rsyslog.d/50-default.conf and following command # Default rules for rsyslog. # # For more information see rsyslog.conf(5) and /etc/rsyslog.conf # # First some standard log files. Log by facility. # auth,authpriv.* /var/log/auth.log *.*;auth,authpriv.none -/var/log/syslog #cron.* /var/log/cron.log daemon.* -/var/log/daemon.log kern.* -/var/log/kern.log lpr.* -/var/log/lpr.log mail.* -/var/log/mail.log user.* -/var/log/user.log local6.* -/var/log/samba/audit.log Ali Rachman
  • 5. After that do following command #service rsyslog restart #service smbd restart You can see the log at /var/log/samba #tail audit.log THANK YOU Ali Rachman