diegogslomp / samba-ad-dc

🐳 Docker image of Samba domain controller compiled from source
https://hub.docker.com/r/diegogslomp/samba-ad-dc
GNU General Public License v3.0

Question about audit module? #25

Closed killmasta93 closed 2 months ago

killmasta93 commented 2 months ago

Hi, currently we installed the VFS modules, which is working for the recycle bin, but for the audit it seems it has changed a bit, as normally we would do this:

In the shares, add this:

vfs objects = acl_xattr full_audit recycle
full_audit:prefix = %u|%I|%S
full_audit:failure = connect
full_audit:success = mkdir rename unlink rmdir pwrite pread connect disconnect
full_audit:facility = local5
full_audit:priority = notice

Then open /etc/rsyslog.d/50-default.conf in nano and add this:

# First some standard log files.  Log by facility.
#
auth,authpriv.*                 /var/log/auth.log
# local5.none keeps the audit records out of syslog; they are routed to audit.log below
*.*;local5.none;auth,authpriv.none      -/var/log/syslog

local5.notice                   /var/log/audit.log

Then I added a logrotate config in /etc/logrotate.d/samba.audit:


/var/log/audit.log {
   weekly
   missingok
   rotate 7
   postrotate
      /etc/init.d/rsyslog restart > /dev/null 2>&1 || true
   endscript
   compress
   notifempty
}

In this case, does the container run rsyslog? Or is there a way I can do the same thing? It also seems that Samba version 4.17 changed a few things on the audit: https://manpages.debian.org/unstable/samba-vfs-modules/vfs_full_audit.8.en.html

Thanks

diegogslomp commented 2 months ago

Hello, the logrotate package is not installed by default; try yum install logrotate -y and see if the rotate works. Any trouble, let me know.

killmasta93 commented 2 months ago

Hi @diegogslomp, thank you for the reply. Quick question: would installing logrotate create this path for me, /etc/rsyslog.d/50-default.conf? I'm currently using the Ubuntu image.

diegogslomp commented 2 months ago

Hello @killmasta93

Try apt install logrotate -y and add service cron start to the start command, something like bash -c "service cron start && samba-domain-provision && samba -F" if you are using compose. Any trouble, let me know.

https://stackoverflow.com/questions/46323978/logrotate-nginx-logs-not-rotating-inside-docker-container

killmasta93 commented 2 months ago

Hi @diegogslomp, thanks for the reply. So I was trying to figure out the logging feature, and so far I got it working to log when the computer logs in, but I can't seem to get the audit working when they open or delete files, as I can't seem to find the syslog of the container. I tried reading https://manpages.debian.org/unstable/manpages-dev/syslog.3.en.html and https://manpages.debian.org/unstable/samba-vfs-modules/vfs_full_audit.8

Thanks


# Global parameters
[global]
        ldap server require strong auth = No
        bind interfaces only = Yes
        dns forwarder = 8.8.8.8
        interfaces = lo ens18
        netbios name = DC1
        realm = TEST.LOCAL
        server role = active directory domain controller
        workgroup = TEST
        idmap_ldb:use rfc2307 = yes
        log file = /usr/local/samba/var/auditlog.log
        max log size = 50
        log level = 2 auth_audit:5
        vfs objects = recycle full_audit shadow_copy2 acl_xattr

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/dgs.local/scripts
        read only = No

[shares]
        path = /usr/local/samba/shares
        comment = shares
        read only = no
        acl_xattr:ignore system acls = yes
        writable = yes
        force create mode = 0660
        create mask = 0777
        directory mask = 0777
        force directory mode = 0770
        access based share enum = yes
        hide unreadable = yes
        recycle:repository = .trash/%U
        recycle:maxsize = 0
        recycle:versions = Yes
        recycle:keeptree = Yes
        recycle:touch = No
        recycle:directory_mode = 0704
        full_audit:prefix = %u|%I|%m|%S
        full_audit:success = mkdirat renameat unlinkat
        full_audit:failure = mkdirat renameat unlinkat
        full_audit:facility = local7

diegogslomp commented 2 months ago

Hello

You can try adding mkdir, rmdir, read, pread, write, pwrite, pwrite_recv, rename, unlink, connect, disconnect

If you want all parameters you can add all and from there choose which info you need. Any trouble let me know.

killmasta93 commented 1 month ago

Hi there, yeah, it seems that version 4.11 changed the format https://www.samba.org/samba/docs/current/man-html/vfs_full_audit.8.html, for example mkdirat. Still trying to figure it out, because it seems that the logs do not appear clearly.
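As an added example (not code from this repository, nor from Samba), here is a small Python parser and triage routine for the records vfs_full_audit emits. Each record is the expansion of full_audit:prefix, then the operation name, then ok or fail, then the operation's arguments, all joined by |, so the parser takes the prefix template from smb.conf (%u|%I|%S in the first post, %u|%I|%m|%S in the later config) to know how many leading fields belong to the prefix. It normalises the pre-4.11 names used at the top of the thread (mkdir, rename, unlink, rmdir) to the *at names the later posts use, then flags any user with a burst of successful unlinkat calls. The old-to-new name mapping and the sample log lines are my own assumptions. Two things to check before pointing this at a real file: the later smb.conf sends records to facility local7 while the rsyslog rule in the first post matches local5, and with no syslog daemon in the container the records never reach a file at all unless full_audit:syslog is turned off in vfs_full_audit(8), in which case they land in the Samba log file interleaved with debug headers, which the parser skips.

```python
"""Parse and triage Samba vfs_full_audit records.

Added example for this thread, not code from the samba-ad-dc project or
from Samba. Assumes each record is prefix|op|ok-or-fail|args..., where the
prefix is the expansion of full_audit:prefix from smb.conf. The sample
log below is constructed for the example.
"""
from collections import Counter
from dataclasses import dataclass

# Pre-4.11 names used in the first post mapped to the *at names used later
# in the thread. This mapping is an assumption for normalising mixed logs;
# check vfs_full_audit(8) for the build you run.
LEGACY_OP_NAMES = {
    "mkdir": "mkdirat",
    "rmdir": "unlinkat",
    "rename": "renameat",
    "unlink": "unlinkat",
}

# Prefix substitutions used in the thread; any other token keeps its name.
PREFIX_FIELD_NAMES = {
    "%u": "user",
    "%I": "client_ip",
    "%m": "client_name",
    "%S": "share",
}


@dataclass
class AuditEvent:
    prefix: dict      # field name -> value, as laid out by full_audit:prefix
    op: str           # normalised VFS operation name
    success: bool     # True for "ok", False for "fail"
    args: list        # operation arguments, e.g. [old, new] for renameat


def prefix_fields(prefix_template):
    """'%u|%I|%m|%S' -> ['user', 'client_ip', 'client_name', 'share']."""
    return [PREFIX_FIELD_NAMES.get(tok, tok.lstrip("%"))
            for tok in prefix_template.split("|")]


def parse_line(line, prefix_template="%u|%I|%S"):
    """Parse one record; return None for lines that are not audit records
    (e.g. Samba debug headers when records go to 'log file' instead of syslog)."""
    names = prefix_fields(prefix_template)
    parts = line.strip().split("|")
    # prefix fields + op + result are mandatory; args vary per op (renameat has two paths)
    if len(parts) < len(names) + 2:
        return None
    result = parts[len(names) + 1]
    if result not in ("ok", "fail"):
        return None
    op = parts[len(names)]
    return AuditEvent(
        prefix=dict(zip(names, parts[:len(names)])),
        op=LEGACY_OP_NAMES.get(op, op),
        success=(result == "ok"),
        args=parts[len(names) + 2:],
    )


def parse_log(text, prefix_template="%u|%I|%S"):
    """Parse a whole log, silently skipping non-record lines."""
    events = [parse_line(raw, prefix_template) for raw in text.splitlines()]
    return [ev for ev in events if ev is not None]


def failed_ops(events):
    """Records logged via full_audit:failure (permission problems, races, etc.)."""
    return [ev for ev in events if not ev.success]


def find_mass_deletions(events, threshold=3):
    """{(user, share): count} for users with >= threshold successful unlinkat
    calls, the pattern behind a user (or ransomware) emptying a share."""
    counts = Counter()
    for ev in events:
        if ev.op == "unlinkat" and ev.success:
            counts[(ev.prefix.get("user"), ev.prefix.get("share"))] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


# Constructed sample using the later prefix from the thread (%u|%I|%m|%S).
# The last two lines show a legacy-named record and a non-record line.
SAMPLE_LOG = """\
jdoe|10.0.0.15|WS01|shares|connect|ok|shares
jdoe|10.0.0.15|WS01|shares|mkdirat|ok|Projects/Q3
jdoe|10.0.0.15|WS01|shares|renameat|ok|Projects/Q3/draft.docx|Projects/Q3/final.docx
jdoe|10.0.0.15|WS01|shares|mkdirat|fail|Projects/Q3
asmith|10.0.0.22|WS07|shares|unlinkat|ok|Archive/2019/a.xlsx
asmith|10.0.0.22|WS07|shares|unlinkat|ok|Archive/2019/b.xlsx
asmith|10.0.0.22|WS07|shares|unlinkat|ok|Archive/2019/c.xlsx
  asmith|10.0.0.22|WS07|shares|unlink|ok|Archive/2019/d.xlsx
[debug header or other non-audit line]
"""

if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG, "%u|%I|%m|%S")
    print(f"{len(evs)} audit records, {len(failed_ops(evs))} failed")
    for (user, share), n in find_mass_deletions(evs).items():
        print(f"ALERT: {user} deleted {n} objects on [{share}]")
```

Run it against /var/log/audit.log (or the Samba log file) with the prefix template copied verbatim from smb.conf; if the field count in the template and in the log disagree, every line parses as None, which is the quickest way to notice that the prefix in smb.conf and the one you think is in effect differ.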

diegogslomp commented 1 month ago

Hello @killmasta93

Try to add all as the audit parameter and run smbcontrol all reload-config.