similar to: audit module

Displaying 20 results from an estimated 100000 matches similar to: "audit module"

2005 Feb 01
1
SLES9 Module '/usr/lib/samba/vfs/audit.so' loaded, Can't find a vfs module [/usr/lib/samba/vfs/audit.so]
Any ideas why a vfs module loads successfully then can't be found? [2005/01/30 03:52:08, 5] lib/util_seaccess.c:se_access_check(309) se_access_check: access (2) granted. [2005/01/30 03:52:08, 3] smbd/vfs.c:vfs_init_default(203) Initialising default vfs hooks [2005/01/30 03:52:08, 3] smbd/vfs.c:vfs_init_custom(229) Initialising custom vfs hooks from [/usr/lib/samba/vfs/audit.so]
2003 May 13
1
audit.so ?
Hi all Is anyone using the audit.so module ? I've compiled it and added the appropriate line to smb.conf but I seem to be having a few issues... Here is an snip from syslog... May 13 18:12:44 netvault.crcert.unsw.edu.au smbd_audit[13474]: opendir ./ May 13 18:12:44 netvault.crcert.unsw.edu.au smbd_audit[13474]: opendir . May 13 18:12:50 netvault.crcert.unsw.edu.au smbd_audit[13474]: opendir .
2009 Feb 10
0
[Fwd: Re: dovecot logs to audit.log not to maillog]
Hello, now I have done this: under http://wiki.dovecot.org/Logging?highlight=(logging) Rotating Logs is the following string ----------------------- /bin/kill -USR1 `cat /var/run/dovecot/master.pid 2>/dev/null` 2> /dev/null || true ------------------------ This string I have insert in /etc/logrotate.d/syslog under the lines: postrotate /bin/kill -HUP `cat /var/run/syslogd.pid
2012 Jan 02
5
[Bug 1968] New: openssh won't build with --with-audit=bsm on Solaris 11
https://bugzilla.mindrot.org/show_bug.cgi?id=1968 Bug #: 1968 Summary: openssh won't build with --with-audit=bsm on Solaris 11 Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Platform: ix86 OS/Version: Solaris Status: NEW Severity: normal Priority: P2
2003 May 14
1
audit.so problem !!
Hi all Is anyone using the audit.so module ? I've compiled it and added the appropriate line to smb.conf but I seem to be having a few issues... Here is an snip from syslog... May 13 18:12:44 myhost.com smbd_audit[13474]: opendir ./ May 13 18:12:44 myhost.com smbd_audit[13474]: opendir . May 13 18:12:50 myhost.com smbd_audit[13474]: opendir . May 13 18:12:50 myhost.com smbd_audit[13474]:
2004 May 11
1
BUG: Vfs audit module & samba 3.0.4 ==> share unacces sible
add to each share writeable = yes or read-only = no This Helps! Rauno -----Original Message----- From: werner maes [mailto:werner.maes@cc.kuleuven.ac.be] Sent: 11. mai 2004. a. 16:19 To: samba@samba.org Subject: [Samba] BUG: Vfs audit module & samba 3.0.4 ==> share unaccessible Hello Maybe there's a bug in samba-3.0.4. The following configuration does NO longer work. It did
2009 Feb 09
2
dovecot logs to audit.log not to maillog
Hello, I have a curious phenomenon. Dovecot logs normally to /var/log/maillog. If I restart my server, dovecot loggs to /var/log/audit/audit.log. If I restart dovecot, dovecot loggs to /var/log/maillog again. And I think, wenn logrotate is restarting, dovecot logs to audit.log. But I don't know why. Any Ideas? greetings Ralf
2007 Feb 06
1
audit module
hey, i need to know who deleted files on our server so i added the audit module. but now i cant find any hint in the log file which user deleted the file. it just shows me "Feb 6 13:54:57 smb.-server smbd_audit[13881]: opendir .recycle". How can i do that? another question is: how can i tell samba to keep more versions of the log files? Now it only keeps a client.log and a
2004 May 11
0
BUG: Vfs audit module & samba 3.0.4 ==> share unaccessible
Hello Maybe there's a bug in samba-3.0.4. The following configuration does NO longer work. It did work fine in samba-3.0.2a. I did not test samba-3.0.3 The share is no longer accessible !!! [BKHI-CC3] path = /home/BKHI-CC3 valid users = @BKHI-CC3-R, @BKHI-CC3-W write list = @BKHI-CC3-W force group = +BKHI-CC3-W create mask = 0664
2005 Nov 08
1
audit and recycle VFS modules
I have activated the audit.so module and it logs information about file access but not in the format I want: it doesn't log the user name and host name who performed each action on a file or directory. How can I set the format of this log? About the recycle.so module, it works but not always. Some "Permission denied" lines appear in the logs regarding a file move towards .recycle.
2017 Apr 28
0
Problems with the Full Audit module
> It was just a guess that it was a DC, but it was based on this: > I was experiencing problems when I simultaneously enabled shadow_copy2 and full_audit modules. > When enabled, problems occurred in the sysvol folder. > So how can you be having problems in 'sysvol' if this is a domain > member ? > I think you should post your smb.conf. > Rowland As for the
2004 Sep 11
0
Questions on VFS modules (audit)
Hello, I'm configuring Samba 3.0.6 on Debian stable, after using version 2.2.8a for a while. I have some questions on VFS modules, which could be summed up into a single big question: is there any documentation about them, other than the few paragaphs in the official howto? Now for the single questions: 1. audit: its output goes into syslog, no options to change this, right? And also no
2003 May 28
2
vfs modules audit + recycle
hi, i use samba 2.2.8a on a share i wanted to use the audit.so and recycle.so modules. in my smb.conf i added the following share [dir] comment = dir valid users = @edv writeable = yes create mode = 777 path = /data/ directory mode = 777 vfs object = /usr/lib/samba/vfs/audit.so vfs object = /usr/lib/samba/vfs/recycle.so vfs options = /etc/samba/recycle.conf with this config the recycle bin is
2006 Feb 02
0
HEADS UP: Audit integration into CVS in progress, some tree disruption (fwd)
FYI, since this is probably of interest to subscribers of this mailing list also. Robert N M Watson ---------- Forwarded message ---------- Date: Wed, 1 Feb 2006 22:55:40 +0000 (GMT) From: Robert Watson <rwatson@FreeBSD.org> To: Julian Elischer <julian@elischer.org> Cc: trustedbsd-audit@TrustedBSD.org, K?vesd?n G?bor <gabor.kovesdan@t-hosting.hu>, current@freebsd.org
2014 Dec 04
3
Adding Solaris Audit to sshd (and sftp-server)
Hi Damien, I'm working with the Solaris team that is integrating openssh into upcoming Solaris releases. I'm looking for advice from the upstream community. You were suggested for that advice. If there are other mailing lists you'd like me to ask, I'm happy to do so, or if you'd like to forward, please feel free to do so. The --with-audit=bsm (audit-bsm.c) configuration
1999 Jun 15
0
NT 4 sp3 audit + samba = total mess
A samba server (2.0.2 linux/intel) is the primary domain server for "SAF". 5 workstations (nt 4sp3 intel) belong to this domain. In order to trash the event viewer, do the following: As administrator: 1. select any file (on C:, this has nothing to do with samba file sharing) 2. properties 3. audit 4. add at this point it tries to look up the users in SAF, fails, and Dr. Watson
2006 Sep 30
1
audit-bsm.c lacks <errno.h>
#include <errno.h> was removed from includes.h in July: ---------------------------- revision 1.113 date: 2006/07/12 12:22:46; author: dtucker; state: Exp; lines: +1 -2 - stevesk at cvs.openbsd.org 2006/07/11 20:07:25 [scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c includes.h
2007 Oct 28
1
Interpreting audit logs?
Whenever I review audit logs, it is difficult for me to determine if an account was logged in at an usual day/time because there is no timestamp next to any entry, at least as I interpret the format. How, then do I properly and successfully review the audit log entries based on a date/time stamp? Also, how can I filter out root and sudo account entries, displaying everyone else in audit?
2002 Oct 23
2
Audit in 2.2.6
Greetings. I have samba 2.2.6 installed on FreeBSD 4.7-RC, from ports, compiled with audit/syslog/recycle/winbind. I try to use audit via syslogd. I created the following share: ===Cut=== [price] create mask = 664 security mask = 644 directory security mask = 000 directory mask = 755 comment = Fresh Norma PriceList path = /usr/local/public/ftp/pub/price valid users = emz ramil hunter alex ckv
2013 Jun 12
1
Audit logs containing 28756E6B6E6F776E207573657229
Hi. I'm seeing a lot of entries in /var/log/audit/audit.log acct=28756E6B6E6F776E207573657229 , which apparently means unknown user . Sample from the logs : type=USER_LOGIN msg=audit(1370998250.746:1622709): user pid=16762 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct=28756E6B6E6F776E207573657229 exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh