similar to: audit module

Any ideas why a vfs module loads successfully then can't be found? [2005/01/30 03:52:08, 5] lib/util_seaccess.c:se_access_check(309) se_access_check: access (2) granted. [2005/01/30 03:52:08, 3] smbd/vfs.c:vfs_init_default(203) Initialising default vfs hooks [2005/01/30 03:52:08, 3] smbd/vfs.c:vfs_init_custom(229) Initialising custom vfs hooks from [/usr/lib/samba/vfs/audit.so]

Hi all Is anyone using the audit.so module ? I've compiled it and added the appropriate line to smb.conf but I seem to be having a few issues... Here is an snip from syslog... May 13 18:12:44 netvault.crcert.unsw.edu.au smbd_audit[13474]: opendir ./ May 13 18:12:44 netvault.crcert.unsw.edu.au smbd_audit[13474]: opendir . May 13 18:12:50 netvault.crcert.unsw.edu.au smbd_audit[13474]: opendir .

Hello, now I have done this: under http://wiki.dovecot.org/Logging?highlight=(logging) Rotating Logs is the following string ----------------------- /bin/kill -USR1 `cat /var/run/dovecot/master.pid 2>/dev/null` 2> /dev/null || true ------------------------ This string I have insert in /etc/logrotate.d/syslog under the lines: postrotate /bin/kill -HUP `cat /var/run/syslogd.pid

https://bugzilla.mindrot.org/show_bug.cgi?id=1968 Bug #: 1968 Summary: openssh won't build with --with-audit=bsm on Solaris 11 Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Platform: ix86 OS/Version: Solaris Status: NEW Severity: normal Priority: P2

Hi all Is anyone using the audit.so module ? I've compiled it and added the appropriate line to smb.conf but I seem to be having a few issues... Here is an snip from syslog... May 13 18:12:44 myhost.com smbd_audit[13474]: opendir ./ May 13 18:12:44 myhost.com smbd_audit[13474]: opendir . May 13 18:12:50 myhost.com smbd_audit[13474]: opendir . May 13 18:12:50 myhost.com smbd_audit[13474]:

add to each share writeable = yes or read-only = no This Helps! Rauno -----Original Message----- From: werner maes [mailto:werner.maes@cc.kuleuven.ac.be] Sent: 11. mai 2004. a. 16:19 To: samba@samba.org Subject: [Samba] BUG: Vfs audit module & samba 3.0.4 ==> share unaccessible Hello Maybe there's a bug in samba-3.0.4. The following configuration does NO longer work. It did

Hello, I have a curious phenomenon. Dovecot logs normally to /var/log/maillog. If I restart my server, dovecot loggs to /var/log/audit/audit.log. If I restart dovecot, dovecot loggs to /var/log/maillog again. And I think, wenn logrotate is restarting, dovecot logs to audit.log. But I don't know why. Any Ideas? greetings Ralf

hey, i need to know who deleted files on our server so i added the audit module. but now i cant find any hint in the log file which user deleted the file. it just shows me "Feb 6 13:54:57 smb.-server smbd_audit[13881]: opendir .recycle". How can i do that? another question is: how can i tell samba to keep more versions of the log files? Now it only keeps a client.log and a

Hello Maybe there's a bug in samba-3.0.4. The following configuration does NO longer work. It did work fine in samba-3.0.2a. I did not test samba-3.0.3 The share is no longer accessible !!! [BKHI-CC3] path = /home/BKHI-CC3 valid users = @BKHI-CC3-R, @BKHI-CC3-W write list = @BKHI-CC3-W force group = +BKHI-CC3-W create mask = 0664

I have activated the audit.so module and it logs information about file access but not in the format I want: it doesn't log the user name and host name who performed each action on a file or directory. How can I set the format of this log? About the recycle.so module, it works but not always. Some "Permission denied" lines appear in the logs regarding a file move towards .recycle.

> It was just a guess that it was a DC, but it was based on this: > I was experiencing problems when I simultaneously enabled shadow_copy2 and full_audit modules. > When enabled, problems occurred in the sysvol folder. > So how can you be having problems in 'sysvol' if this is a domain > member ? > I think you should post your smb.conf. > Rowland As for the

Hello, I'm configuring Samba 3.0.6 on Debian stable, after using version 2.2.8a for a while. I have some questions on VFS modules, which could be summed up into a single big question: is there any documentation about them, other than the few paragaphs in the official howto? Now for the single questions: 1. audit: its output goes into syslog, no options to change this, right? And also no

hi, i use samba 2.2.8a on a share i wanted to use the audit.so and recycle.so modules. in my smb.conf i added the following share [dir] comment = dir valid users = @edv writeable = yes create mode = 777 path = /data/ directory mode = 777 vfs object = /usr/lib/samba/vfs/audit.so vfs object = /usr/lib/samba/vfs/recycle.so vfs options = /etc/samba/recycle.conf with this config the recycle bin is

FYI, since this is probably of interest to subscribers of this mailing list also. Robert N M Watson ---------- Forwarded message ---------- Date: Wed, 1 Feb 2006 22:55:40 +0000 (GMT) From: Robert Watson <rwatson@FreeBSD.org> To: Julian Elischer <julian@elischer.org> Cc: trustedbsd-audit@TrustedBSD.org, K?vesd?n G?bor <gabor.kovesdan@t-hosting.hu>, current@freebsd.org

Hi Damien, I'm working with the Solaris team that is integrating openssh into upcoming Solaris releases. I'm looking for advice from the upstream community. You were suggested for that advice. If there are other mailing lists you'd like me to ask, I'm happy to do so, or if you'd like to forward, please feel free to do so. The --with-audit=bsm (audit-bsm.c) configuration

A samba server (2.0.2 linux/intel) is the primary domain server for "SAF". 5 workstations (nt 4sp3 intel) belong to this domain. In order to trash the event viewer, do the following: As administrator: 1. select any file (on C:, this has nothing to do with samba file sharing) 2. properties 3. audit 4. add at this point it tries to look up the users in SAF, fails, and Dr. Watson

#include <errno.h> was removed from includes.h in July: ---------------------------- revision 1.113 date: 2006/07/12 12:22:46; author: dtucker; state: Exp; lines: +1 -2 - stevesk at cvs.openbsd.org 2006/07/11 20:07:25 [scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c includes.h

Whenever I review audit logs, it is difficult for me to determine if an account was logged in at an usual day/time because there is no timestamp next to any entry, at least as I interpret the format. How, then do I properly and successfully review the audit log entries based on a date/time stamp? Also, how can I filter out root and sudo account entries, displaying everyone else in audit?

Greetings. I have samba 2.2.6 installed on FreeBSD 4.7-RC, from ports, compiled with audit/syslog/recycle/winbind. I try to use audit via syslogd. I created the following share: ===Cut=== [price] create mask = 664 security mask = 644 directory security mask = 000 directory mask = 755 comment = Fresh Norma PriceList path = /usr/local/public/ftp/pub/price valid users = emz ramil hunter alex ckv

Hi. I'm seeing a lot of entries in /var/log/audit/audit.log acct=28756E6B6E6F776E207573657229 , which apparently means unknown user . Sample from the logs : type=USER_LOGIN msg=audit(1370998250.746:1622709): user pid=16762 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct=28756E6B6E6F776E207573657229 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh