1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

3 Commits

Author SHA1 Message Date
Gary Lockyer
87a8325a0d s4 group_audit: Add Windows Event Id's to Group membership changes
Generate a GroupChange event when a user is created with a PrimaryGroup
membership.  Log the windows event id in the JSON GroupChange message.

Event Id's supported are:
	4728	A member was added to a security enabled global group
	4729	A member was removed from a security enabled global
		group
	4732	A member was added to a security enabled local group
	4733	A member was removed from a security enabled local group
	4746	A member was added to a security disabled local group
	4747	A member was removed from a security disabled local group
	4751	A member was added to a security disabled global group
	4752	A member was removed from a security disabled global
		group
	4756	A member was added to a security enabled universal
		group
	4757	A member was removed from a security enabled universal
		group
	4761	A member was added to a security disabled universal
		group
	4762	A member was removed from a security disabled universal
		group

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-21 22:16:09 +01:00
Gary Lockyer
e97acc714d dsdb audit_log: Add windows event codes to password changes
Add a new "eventId" element to the PasswordChange JSON log messages.
This contains a Windows Event Code Id either:
	4723	Password changed
	4724	Password reset

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-14 18:57:52 +01:00
Gary Lockyer
cb23a0345f idl: Add Windows event code ids
Add idl definitions for Windows Event Code Ids, and Logon Types. This
intial commit adds:

Event Ids
	4264	Successful logon
	4625	Unsuccessful logon

Logon Types
	 2	Interactive
	 3	Network
	 4	Batch
	 5	Service
	 7	Unlock
	 8	NetworkCleartext
	 9	NewCredentials
	10	RemoteInteractive
	11	CachedInteractive

The intention is to add Windows Event Codes to the JSON log messages, to
provide a common event identifier in mixed Windows and Samba networks.
And to assist security personnel with a windows background.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-14 18:57:52 +01:00