Feature #1963

SambaAudit: add samba audit support

Added by Giacomo Sanchietti about 8 years ago. Updated about 8 years ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:nethserver-samba-audit
Target version:v6.4-beta2
Resolution: NEEDINFO:No

Description

Add samba audit support.
The audit should be enable/disabled on each ibay using the web ui.

All audit should also be browsable using a simple web interface.


Related issues

Related to NethServer 6 - Enhancement #1967: SambaAudit: move configuration inside samba tab CLOSED
Related to NethServer 6 - Enhancement #2065: Samba-audit: FHS 2.3 compliance CLOSED
Duplicated by NethServer 6 - Bug #2089: Samba-audit should request nethserver-samba CLOSED

Associated revisions

Revision feba78a7
Added by Giacomo Sanchietti about 8 years ago

First import. Refs #1963

Revision e28148c5
Added by Giacomo Sanchietti about 8 years ago

smbauditdbupdate.pl: fix database name. Refs #1963

Revision e725b77d
Added by Giacomo Sanchietti about 8 years ago

smbaudit.log: add empty smbaudit.log file. Refs #1963

Revision 07c1882d
Added by Giacomo Sanchietti about 8 years ago

spec: mark smbaudit.log as config file. Refs #1963

Revision 76b664da
Added by Giacomo Sanchietti about 8 years ago

createlinks: force rsyslog restart (reload is not implemented). Refs #1963

Revision 0e4f2e0f
Added by Giacomo Sanchietti about 8 years ago

smbauditdbupdate.pl: change query accordingly to new table. Refs #1963

Revision 47b62e68
Added by Giacomo Sanchietti about 8 years ago

nethserver-samba-audit-conf, smbaudit.conf template: move random generation to nethserver-samba-audit-conf action. Refs #1963

Revision 1d881741
Added by Giacomo Sanchietti about 8 years ago

spec: add nethserver-mysql and nethserver-samba dependencies. Refs #1963

Revision b5e6a1ca
Added by Giacomo Sanchietti about 8 years ago

createlinks: move nethserver-samba-audit-conf action before expand-template. Refs #1963

Revision 38c2defe
Added by Davide Principi about 8 years ago

Relocated /usr/local/bin in /usr/bin, fixing permissions. Refs #1963

History

#1 Updated by Giacomo Sanchietti about 8 years ago

  • Status changed from NEW to ON_DEV
  • % Done changed from 0 to 30

#2 Updated by Giacomo Sanchietti about 8 years ago

  • Status changed from ON_DEV to ON_QA
  • % Done changed from 30 to 80

#3 Updated by Giacomo Sanchietti about 8 years ago

  • Assignee set to Giacomo Sanchietti

Needs documentation.

#4 Updated by Giacomo Sanchietti about 8 years ago

  • Status changed from ON_QA to ON_DEV
  • % Done changed from 80 to 30

Needs documentation.

#5 Updated by Giacomo Sanchietti about 8 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 70

#6 Updated by Giacomo Sanchietti about 8 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 70 to 80

Package in nethserver-testing: nethserver-samba-audit-1.0.0

Test and install:
  • yum --enablerepo=nethserver-testing install nethserver-samba-audit
  • Create and i-bay and enable Samba Audit on it
  • Do some requests to the i-bay with a client
  • Enter the web ui from Dashboard, click on Reload button and check new entry in the ui

#7 Updated by Davide Principi about 8 years ago

  • Assignee changed from Giacomo Sanchietti to Davide Principi

#8 Updated by Davide Principi about 8 years ago

I had some problems during nethserver-mysql installation: it requires deeper investigations...

Some things to check:
  • nethserver-samba and nethserver-mysql RPM dependencies must be added
  • After installation, the web UI complains about a missing /var/log/smbaudit.log file: why not adding a placeholder, marked as "configuration" file in the RPM?
  • Syslog messages from smbd were directed to /var/log/messages. After rsyslogd restart went to /var/log/smbaudit.log (and the previous problem disappears)
  • In source:nethserver-samba-audit|root/usr/local/bin/smbauditdbupdate.pl@feba78a7#L9 the dbi string uses smbd as database name, but I found smbaudit database in mysql. From the web UI:
    DBI connect('smbd:localhost','root',...) failed: Unknown database 'smbd' at /usr/local/bin/smbauditdbupdate.pl line 10 \
    Cannot connect to database: Unknown database 'smbd' at /usr/local/bin/smbauditdbupdate.pl line 10. error: error running \
    non-shared prerotate script for /var/log/smbaudit.log of '/var/log/smbaudit.log ' 
    

#9 Updated by Davide Principi about 8 years ago

  • Status changed from ON_QA to ON_DEV
  • Assignee deleted (Davide Principi)
  • % Done changed from 80 to 30

#10 Updated by Giacomo Sanchietti about 8 years ago

  • Status changed from ON_DEV to MODIFIED
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 30 to 60
Various fixes:
  • restart rsyslog on nethserver-samba-audit-update event
  • fix /usr/local/bin/smbauditdbupdate.pl
  • move random hash generation to nethserver-samba-audit-conf
  • FHS compliant #2065

#11 Updated by Giacomo Sanchietti about 8 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70
New package in nethserver-testing:
  • nethserver-samba-audit-1.0.1

Test case

  • Re-check all!

#12 Updated by Alessio Fattorini about 8 years ago

  • Status changed from ON_QA to ON_DEV
  • Assignee set to Alessio Fattorini
  • % Done changed from 70 to 30

Installed nethserver-samba-audit-1.0.1-1.ns6.noarch

When i try to access form dashboard i have this error:

Forbidden

You don't have permission to access / on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

And on error.log i have this:

[Sat Jul 27 07:52:25 2013] [error] [client 192.168.5.19] Directory index forbidden by Options directive: /usr/share/smbaudit
[Sat Jul 27 07:52:25 2013] [error] [client 192.168.5.19] File does not exist: /usr/share/smbauditerror
[Sat Jul 27 07:52:25 2013] [error] [client 192.168.5.19] File does not exist: /usr/share/smbauditfavicon.ico

#13 Updated by Giacomo Sanchietti about 8 years ago

  • Assignee changed from Alessio Fattorini to Giacomo Sanchietti

This is because nethserver-samba has been installed after nethserver-samba-audit.

I will add a direct dependency.

#14 Updated by Giacomo Sanchietti about 8 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60
Changes:
  • move nethserver-samba-audit-conf action before expand-template
  • add nethserver-mysql and nethserver-samba dependencies

#15 Updated by Giacomo Sanchietti about 8 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70
New package in nethserver-testing (I hope it's the last):
  • nethserver-samba-audit-1.0.2-1
Before install, make sure to update the system. These packages must be installed:
  • nethserver-base.noarch-1.4.0-1
  • nethserver-lib.noarch-1.3.0-1
  • nethserver-yum.noarch-1.1.1-1

List of nethserver packages after installation:

[root@test ~]# rpm -qa | grep nethserver
nethserver-php-1.1.0-1.ns6.noarch
nethserver-smartd-1.0.0-1.ns6.noarch
nethserver-ntp-1.0.4-1.ns6.noarch
nethserver-yum-1.1.1-1.ns6.noarch
nethserver-nethgui-1.2.2-1.ns6.noarch
nethserver-httpd-2.2.1-1.ns6.noarch
nethserver-mysql-1.0.4-1.ns6.noarch
nethserver-directory-1.2.2-1.ns6.noarch
nethserver-ibays-2.0.0-1.ns6.noarch
nethserver-httpd-admin-1.0.4-1.ns6.noarch
nethserver-grub-1.0.1-1.ns6.noarch
nethserver-openssh-1.0.2-1.ns6.noarch
nethserver-release-6.4-beta1.noarch
nethserver-lib-1.3.0-1.ns6.noarch
nethserver-base-1.4.0-1.ns6.noarch
nethserver-samba-1.3.6-1.ns6.noarch
nethserver-samba-audit-1.0.2-1.ns6.noarch

After creating a valid user (giacomo) and a share (share1):

[root@test ~]# smbclient //localhost/share1 -U giacomo
Enter giacomo's password: 
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.9-151.el6]
smb: \> put anaconda-ks.cfg 
putting file anaconda-ks.cfg as \anaconda-ks.cfg (20.6 kb/s) (average 20.6 kb/s)
smb: \> exit

[root@test ~]# cat /var/log/smbaudit.log 
Jul  4 14:53:45 test smbd[16952]: smbauditlog|2013/07/04 14:53:45|giacomo|127.0.0.1|share1|giacomo|open|ok|w|anaconda-ks.cfg

After web ui access, hit the "Reload" link, the entry in /var/log/smbaudit.log shoud be moved inside the db.

#16 Updated by Davide Principi about 8 years ago

  • Assignee set to Davide Principi

#17 Updated by Davide Principi about 8 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Davide Principi)
  • % Done changed from 70 to 90

In nethserver-testing:
nethserver-samba-audit-1.0.3-1.ns6.noarch.rpm

#18 Updated by Davide Principi about 8 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100

Moved to nethserver-updates repository

Also available in: Atom PDF