similar to: Tracking file activity

Hello, Some mischief happened and I have been asked if I can find out who was logged into their computers within a specific off-hours time frame. My logs for that time frame happened to be running at debug level 3, so I have been looking through them and trying to figure out how to recognize a workstation login. I find lines beginning with auth_check_password_send that seem like reasonably good

Hi List, Just a quick question for you: Does Samba 3.0.20 support the full_audit module? I've got the module operating on two boxes, one with Samba 3.0.25 and the other with 3.0.20, and only the former seems to interpret VFS directives, such as: full_audit:prefix = %u full_audit:failure = none full_audit:success = open write close On the 3.0.20 box, they seem to be ignored,

Greetings, I've been looking for a proper way to to track down user's activity inside the shell as I'm helping my colleague to configure a web hosting and shell hosting server. Someone have referred me to this article -- http://bsdtips.utcorp.net/mediawiki/index.php/Snoop which is using 'watch' commands to view user's activity once they logged in to the server I found

> Is the 'vfs objects' line in the [global] section ? if so, try moving > it to the shares, there have been reports that adding 'vfs objects' to > [global] causes problems. > Rowland Dear Rowland This host is a Samba 4.6.2 domain member server. In the Global session of smb.conf, I have this line: Vfs objects = acl_xattr On Sharing: Vfs objects = recycle,

Hi, My apologies if this isn't the right place to ask this question. We have trying to setup auditing in Samba but can't seem to get it to work. The audit log file is empty and we see some entries about file/folders in the /var/log/samba/%m but not the actual audit bits. Can someone please assist or point in the correct direction? syslog = 0 log file = /var/log/samba/%m Log level = 0

Folks, Given recent discussion on this list I have just updated the master Samba-Docs information regarding the Debug Class (Log Level) settings and the audit information each causes to be logged. This will appear in on-line versions of the Samba-HOWTO-Collection within 24 hours. To obtain an updated version point your browser at: http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf

Hi team, Is there a way to grab Kerberos specific log entries? Example: /Auth: [Kerberos KDC,ENC-TS Pre-authentication] user.../ I have tried using the kerberos class but nothing was logged when I specified a path. This is what I have on my smb.conf. /[global] ??????? log level = 1 kerberos:2@/var/log/samba/kerberos.log auth_audit:3@/var/log/samba/audit.log

On Sun, 6 May 2018 20:05:20 +1000 Robin G <robinghere3 at gmail.com> wrote: > Hi Rowland, > here is the smb.conf. All shares have the full_audit > > [global] > workgroup = RESOLVS > netbios name = DC1 > security = USER > obey pam restrictions = yes > local master = yes > domain master = yes > preferred

On Tue, 2024-02-27 at 16:46 +1300, June Chong | TechnologyWise via samba wrote: > Hi team, > Is there a way to grab Kerberos specific log entries? > Example: > /Auth: [Kerberos KDC,ENC-TS Pre-authentication] user.../ > I have tried using the kerberos class but nothing was logged when I > specified a path. > This is what I have on my smb.conf. > /[global] log level =

Hi, While updating my fedora rawhide installation, I got the Ooops listed at the end of the Email. Is this a known bug (I didn''t find anything specific), or should I file a bug? Thank you in advance, Clemens Feb 10 10:59:45 testbox kernel: [ 524.495751] BUG: unable to handle kernel NULL pointer dereference at (null) Feb 10 10:59:45 testbox kernel: [ 524.496006] IP:

On Sat, 5 May 2018 11:11:21 -0300 "Ethy H. Brito via samba" <samba at lists.samba.org> wrote: > On Sat, 5 May 2018 23:40:47 +1000 > Robin G via samba <samba at lists.samba.org> wrote: > > ... > > > > full_audit:prefix = %u|%I|%S > > full_audit:failure = none > > full_audit:success = mkdir rmdir read pread write pwrite

On Mon, 2017-04-03 at 13:36 +0000, Ricardo Pardim Claus via samba wrote: > Gentlemen,  > > Can anyone tell me if the modules below are working normally in versions later than 4.4.5? > > Shadow Copy service What problems were you facing with shadow_copy2 module in later versions? >   > full_audit > I'm in version 4.4.5. However, when I had to use these modules, they

Does anyone know of any Linux-based filesystem that does file-level auditing and logs based on username? Does ext2/3 do such auditing (stock or with patches)? I would like a filesystem that can be told to audit and log file deletions and log the username that deleted the file (similar to auditing on NTFS). I know, I should be using file permissions to prevent this type of deletion from

On 06. aug. 2018 16:37, Oleg Cherkasov via samba wrote: > On 06. aug. 2018 15:15, Oleg Cherkasov via samba wrote: >> >> This morning three of our FreeBSD-11.1-p11 servers with Samba 4.7.7 >> installations started to ignore ACL settings and reject user access to >> shares.  All three servers are members of DC running on Windows Server >> 2008R2.  Everything has

Currently under solaris 8 with a fairly generic build: CC="cc" ./configure \ --prefix=/opt/openssh \ --sysconfdir=/var/ssh \ --with-rsh=/usr/local/etc/rsh \ --with-ipv4-default \ --with-ssl-dir=/usr/local/ssl \ --with-ipaddr-display \ --with-pam \ --with-pid-dir=/var/ssh cron will quit working since ssh hasn't

We just had a security application vendor come in. We asked about Linux support and he said that putting a security application on top of an insecure OS was useless. When I asked what he meant by insecure he replied that Linux does not have a true Auditing capability - as opposed to HP-UX & Solaris which they do support. Can anyone explain to me what he was talking about? Thanks, Marty

Hello all. I'm relatively new to Samba, and haven't been able to track down a solution to this particular problem. I use Samba/Winbind to authenticate FreeBSD machines against a Windows 2003 Active Directory. That all works fine. The problem is that groups in the AD of type "Security Group - Domain Local" are causing winbindd a lot of grief. Every time the winbindd daemon is

On 5/23/24 22:58, Andrew Bartlett wrote: > Can you post your smb.conf. Actually no, as I don't have *one* smb.conf. I'll add three of them (the last three were I had this problem) at the end of this email. As you can see they are not exactly identical. > Have you used any of our fallback VFS modules instead of xattrs? I'd say not, but see the smb.confs. > (This would

https://bugzilla.mindrot.org/show_bug.cgi?id=1402 Summary: [RFE] Support auditing through Linux Audit subsystem Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: Other OS/Version: Linux Status: NEW Keywords: patch Severity: normal Priority: P2 Component: sshd

On Thu, 2024-05-23 at 19:20 +0200, Andrea Venturoli via samba wrote: > Hello. > I know my description of the problem will be vague... I'm not asking > for specific help, rather for some directions on where to look in > order to understand it. > I've got several setups which are all alike:_ FreeBSD (currently > 13.2, 13.3 or, rarely, 14.0);_ ZFS;_ two jails: one for an AD