Closed killmasta93 closed 2 months ago
Hello
The logrotate package is not installed by default; try `yum install logrotate -y` and see if the rotate works. Any trouble let me know.
Hi @diegogslomp, thank you for the reply. Quick question: would installing logrotate create this route for me? /etc/rsyslog.d/50-default.conf, as I am currently using the Ubuntu image.
Hello @killmasta93
Try `apt install logrotate -y` and add `service cron start` to the start command, something like `bash -c "service cron start && samba-domain-provision && samba -F"` if you are using compose. Any trouble let me know.
Hi @diegogslomp, thanks for the reply. I was trying to figure out the logging feature, and so far I got it working to log when the computer logs in, but I can't seem to get the audit working when they open or delete files, as I can't seem to find the syslog of the container. I tried reading https://manpages.debian.org/unstable/manpages-dev/syslog.3.en.html and https://manpages.debian.org/unstable/samba-vfs-modules/vfs_full_audit.8
Thanks
```
# Global parameters
[global]
ldap server require strong auth = No
bind interfaces only = Yes
dns forwarder = 8.8.8.8
interfaces = lo ens18
netbios name = DC1
realm = TEST.LOCAL
server role = active directory domain controller
workgroup = TEST
idmap_ldb:use rfc2307 = yes
log file = /usr/local/samba/var/auditlog.log
max log size = 50
log level = 2 auth_audit:5
vfs objects = recycle full_audit shadow_copy2 acl_xattr
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
[netlogon]
path = /usr/local/samba/var/locks/sysvol/dgs.local/scripts
read only = No
[shares]
path = /usr/local/samba/shares
comment = shares
read only = no
acl_xattr:ignore system acls = yes
writable = yes
read only = no
force create mode = 0660
create mask = 0777
directory mask = 0777
force directory mode = 0770
access based share enum = yes
hide unreadable = yes
recycle:repository = .trash/%U
recycle:maxsize = 0
recycle:versions = Yes
recycle:keeptree = Yes
recycle:touch = No
recycle:directory_mode = 0704
full_audit:prefix = %u|%I|%m|%S
full_audit:success = mkdirat renameat unlinkat
full_audit:failure = mkdirat renameat unlinkat
full_audit:facility = local7
```
Hello
You can try adding `mkdir`, `rmdir`, `read`, `pread`, `write`, `pwrite`, `pwrite_recv`, `rename`, `unlink`, `connect`, `disconnect`.
If you want all parameters you can add `all` and from there choose which info you need. Any trouble let me know.
Hi there, yeah, it seems that version 4.11 changed the format (https://www.samba.org/samba/docs/current/man-html/vfs_full_audit.8.html), for example mkdirat. Still trying to figure it out, because it seems that the logs do not appear clearly.
Hello @killmasta93
Try to add `all` as audit parameter and run `smbcontrol all reload-config`.
Hi. Currently we installed the vfs modules, with which the recycle bin is working, but for the audit it seems it's a bit changed, as normally we would do this:
in the shares add this
then go to `nano /etc/rsyslog.d/50-default.conf` and add this
then I did a logrotate in /etc/logrotate.d/samba.audit
In this case, does the container run rsyslog? Or is there a way I can do the same thing? It also seems that Samba version 4.17 changed a few things on the audit: https://manpages.debian.org/unstable/samba-vfs-modules/vfs_full_audit.8.en.html
Thanks
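
For reading the audit records once they do arrive, here is an added example (not code from this thread or from the image's author) that parses full_audit lines written with the `full_audit:prefix = %u|%I|%m|%S` setting posted above and counts failed operations per user. It assumes the module's `prefix|operation|result|arguments` layout with a result of `ok` or `fail (reason)` and the `smbd_audit` syslog ident; the sample lines, host names and paths are constructed.

```python
import re
from collections import Counter

# Constructed sample lines (not from the thread), shaped as a syslog daemon
# would write them for the assumed "smbd_audit" ident and the thread's prefix.
SAMPLE = """\
Mar  3 10:15:02 dc1 smbd_audit[412]: alice|192.168.1.20|pc01|shares|mkdirat|ok|/usr/local/samba/shares/q1
Mar  3 10:15:09 dc1 smbd_audit[412]: alice|192.168.1.20|pc01|shares|renameat|ok|/usr/local/samba/shares/q1|/usr/local/samba/shares/q1-final
Mar  3 10:16:40 dc1 smbd_audit[418]: bob|192.168.1.31|pc07|shares|unlinkat|fail (Permission denied)|/usr/local/samba/shares/payroll.xlsx
Mar  3 10:17:01 dc1 smbd_audit[418]: bob|192.168.1.31|pc07|shares|unlinkat|ok|/usr/local/samba/shares/a|b.txt
Mar  3 10:17:05 dc1 smbd[412]: unrelated daemon message
"""

# Ident with optional PID, then the audit payload up to end of line.
LINE = re.compile(r"smbd_audit(?:\[\d+\])?: (?P<body>.*)$")
RESULT = re.compile(r"^(ok|fail)(?: \((?P<err>.*)\))?$")

def parse_line(line):
    """Return a dict for one full_audit record, or None for any other line."""
    m = LINE.search(line)
    if not m:
        return None
    # Four prefix fields (%u %I %m %S), operation, result; the remainder is
    # kept intact because file names may themselves contain '|'.
    parts = m.group("body").split("|", 6)
    if len(parts) != 7:
        return None
    user, ip, machine, share, op, result, args = parts
    r = RESULT.match(result)
    if not r:
        return None
    return {"user": user, "ip": ip, "machine": machine, "share": share,
            "op": op, "ok": r.group(1) == "ok", "error": r.group("err"),
            "args": args}

def parse_log(text):
    """Parse every audit record in a log excerpt, skipping non-audit lines."""
    return [rec for rec in map(parse_line, text.splitlines()) if rec]

def failed_ops_by_user(records):
    """Count failed operations per (user, client IP), e.g. as alert input."""
    return Counter((r["user"], r["ip"]) for r in records if not r["ok"])

if __name__ == "__main__":
    for rec in parse_log(SAMPLE):
        print(rec)
```

For `renameat` the arguments field holds both names joined by `|`, so a file name that itself contains `|` cannot be split unambiguously from the log line alone.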