mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
eae6d76a36
writing that they are correct for version x is not always precise. But we're working on that also :-) Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
267 lines
8.4 KiB
XML
267 lines
8.4 KiB
XML
<?xml version="1.0" encoding="iso-8859-1"?>
|
|
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
|
|
<refentry id="vfs_full_audit.8">
|
|
|
|
<refmeta>
|
|
<refentrytitle>vfs_full_audit</refentrytitle>
|
|
<manvolnum>8</manvolnum>
|
|
<refmiscinfo class="source">Samba</refmiscinfo>
|
|
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
|
|
<refmiscinfo class="version">&doc.version;</refmiscinfo>
|
|
</refmeta>
|
|
|
|
|
|
<refnamediv>
|
|
<refname>vfs_full_audit</refname>
|
|
<refpurpose>record Samba VFS operations in the system log</refpurpose>
|
|
</refnamediv>
|
|
|
|
<refsynopsisdiv>
|
|
<cmdsynopsis>
|
|
<command>vfs objects = full_audit</command>
|
|
</cmdsynopsis>
|
|
</refsynopsisdiv>
|
|
|
|
<refsect1>
|
|
<title>DESCRIPTION</title>
|
|
|
|
<para>This VFS module is part of the
|
|
<citerefentry><refentrytitle>samba</refentrytitle>
|
|
<manvolnum>7</manvolnum></citerefentry> suite.</para>
|
|
|
|
<para>The <command>vfs_full_audit</command> VFS module records selected
|
|
client operations to the system log using
|
|
<citerefentry><refentrytitle>syslog</refentrytitle>
|
|
<manvolnum>3</manvolnum></citerefentry>.</para>
|
|
|
|
<para><command>vfs_full_audit</command> is able to record the
|
|
complete set of Samba VFS operations:</para>
|
|
|
|
<simplelist>
|
|
<member>chdir</member>
|
|
<member>chflags</member>
|
|
<member>chmod</member>
|
|
<member>chmod_acl</member>
|
|
<member>chown</member>
|
|
<member>close</member>
|
|
<member>closedir</member>
|
|
<member>connect</member>
|
|
<member>copy_chunk_send</member>
|
|
<member>copy_chunk_recv</member>
|
|
<member>disconnect</member>
|
|
<member>disk_free</member>
|
|
<member>fchmod</member>
|
|
<member>fchmod_acl</member>
|
|
<member>fchown</member>
|
|
<member>fget_nt_acl</member>
|
|
<member>fgetxattr</member>
|
|
<member>flistxattr</member>
|
|
<member>fremovexattr</member>
|
|
<member>fset_nt_acl</member>
|
|
<member>fsetxattr</member>
|
|
<member>fstat</member>
|
|
<member>fsync</member>
|
|
<member>ftruncate</member>
|
|
<member>get_compression</member>
|
|
<member>get_nt_acl</member>
|
|
<member>get_quota</member>
|
|
<member>get_shadow_copy_data</member>
|
|
<member>getlock</member>
|
|
<member>getwd</member>
|
|
<member>getxattr</member>
|
|
<member>kernel_flock</member>
|
|
<member>link</member>
|
|
<member>linux_setlease</member>
|
|
<member>listxattr</member>
|
|
<member>lock</member>
|
|
<member>lseek</member>
|
|
<member>lstat</member>
|
|
<member>mkdir</member>
|
|
<member>mknod</member>
|
|
<member>open</member>
|
|
<member>opendir</member>
|
|
<member>pread</member>
|
|
<member>pwrite</member>
|
|
<member>read</member>
|
|
<member>readdir</member>
|
|
<member>readlink</member>
|
|
<member>realpath</member>
|
|
<member>removexattr</member>
|
|
<member>rename</member>
|
|
<member>rewinddir</member>
|
|
<member>rmdir</member>
|
|
<member>seekdir</member>
|
|
<member>sendfile</member>
|
|
<member>set_compression</member>
|
|
<member>set_nt_acl</member>
|
|
<member>set_quota</member>
|
|
<member>setxattr</member>
|
|
<member>snap_check_path</member>
|
|
<member>snap_create</member>
|
|
<member>snap_delete</member>
|
|
<member>stat</member>
|
|
<member>statvfs</member>
|
|
<member>symlink</member>
|
|
<member>sys_acl_delete_def_file</member>
|
|
<member>sys_acl_get_fd</member>
|
|
<member>sys_acl_get_file</member>
|
|
<member>sys_acl_set_fd</member>
|
|
<member>sys_acl_set_file</member>
|
|
<member>telldir</member>
|
|
<member>unlink</member>
|
|
<member>utime</member>
|
|
<member>write</member>
|
|
</simplelist>
|
|
|
|
<para>In addition to these operations,
|
|
<command>vfs_full_audit</command> recognizes the special operation
|
|
names "all" and "none ", which refer to all
|
|
the VFS operations and none of the VFS operations respectively.
|
|
</para>
|
|
|
|
<para><command>vfs_full_audit</command> records operations in fixed
|
|
format consisting of fields separated by '|' characters. The
|
|
format is: </para>
|
|
<programlisting>
|
|
smbd_audit: PREFIX|OPERATION|RESULT|FILE
|
|
</programlisting>
|
|
|
|
<para>The record fields are:</para>
|
|
|
|
<itemizedlist>
|
|
<listitem><para><command>PREFIX</command> - the result of the full_audit:prefix string after variable substitutions</para></listitem>
|
|
<listitem><para><command>OPERATION</command> - the name of the VFS operation</para></listitem>
|
|
<listitem><para><command>RESULT</command> - whether the operation succeeded or failed</para></listitem>
|
|
<listitem><para><command>FILE</command> - the name of the file or directory the operation was performed on</para></listitem>
|
|
|
|
</itemizedlist>
|
|
|
|
<para>This module is stackable.</para>
|
|
|
|
</refsect1>
|
|
|
|
|
|
<refsect1>
|
|
<title>OPTIONS</title>
|
|
|
|
<variablelist>
|
|
|
|
<varlistentry>
|
|
<term>full_audit:prefix = STRING</term>
|
|
<listitem>
|
|
<para>Prepend audit messages with STRING. STRING is
|
|
processed for standard substitution variables listed in
|
|
<citerefentry><refentrytitle>smb.conf</refentrytitle>
|
|
<manvolnum>5</manvolnum></citerefentry>. The default
|
|
prefix is "%u|%I". </para>
|
|
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>full_audit:success = LIST</term>
|
|
<listitem>
|
|
<para>LIST is a list of VFS operations that should be
|
|
recorded if they succeed. Operations are specified using
|
|
the names listed above. Operations can be unset by prefixing
|
|
the names with "!". The default is all operations.
|
|
</para>
|
|
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>full_audit:failure = LIST</term>
|
|
<listitem>
|
|
<para>LIST is a list of VFS operations that should be
|
|
recorded if they failed. Operations are specified using
|
|
the names listed above. Operations can be unset by prefixing
|
|
the names with "!". The default is all operations.
|
|
</para>
|
|
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>full_audit:facility = FACILITY</term>
|
|
<listitem>
|
|
<para>Log messages to the named
|
|
<citerefentry><refentrytitle>syslog</refentrytitle>
|
|
<manvolnum>3</manvolnum></citerefentry> facility.
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>full_audit:priority = PRIORITY</term>
|
|
<listitem>
|
|
<para>Log messages with the named
|
|
<citerefentry><refentrytitle>syslog</refentrytitle>
|
|
<manvolnum>3</manvolnum></citerefentry> priority.
|
|
</para>
|
|
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>full_audit:syslog = true/false</term>
|
|
<listitem>
|
|
<para>Log messages to syslog (default) or as a debug level 1
|
|
message.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>full_audit:log_secdesc = true/false</term>
|
|
<listitem>
|
|
<para>Log an sddl form of the security descriptor coming in
|
|
when a client sets an acl. Defaults to false.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
</variablelist>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>EXAMPLES</title>
|
|
|
|
<para>Log file and directory open operations on the [records]
|
|
share using the LOCAL7 facility and ALERT priority, including
|
|
the username and IP address. Logging excludes the open VFS function
|
|
on failures:</para>
|
|
|
|
<programlisting>
|
|
<smbconfsection name="[records]"/>
|
|
<smbconfoption name="path">/data/records</smbconfoption>
|
|
<smbconfoption name="vfs objects">full_audit</smbconfoption>
|
|
<smbconfoption name="full_audit:prefix">%u|%I</smbconfoption>
|
|
<smbconfoption name="full_audit:success">open opendir</smbconfoption>
|
|
<smbconfoption name="full_audit:failure">all !open</smbconfoption>
|
|
<smbconfoption name="full_audit:facility">LOCAL7</smbconfoption>
|
|
<smbconfoption name="full_audit:priority">ALERT</smbconfoption>
|
|
</programlisting>
|
|
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>VERSION</title>
|
|
<para>This man page is part of version &doc.version; of the Samba suite.
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>AUTHOR</title>
|
|
|
|
<para>The original Samba software and related utilities
|
|
were created by Andrew Tridgell. Samba is now developed
|
|
by the Samba Team as an Open Source project similar
|
|
to the way the Linux kernel is developed.</para>
|
|
|
|
</refsect1>
|
|
|
|
</refentry>
|