Bug #2870
Smbaudit doesn't show the name of the file for some operations
| Status: | CLOSED | Start date: | |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 100% |
| Category: | nethserver-samba-audit | | |
| Target version: | v6.5 | | |
| Security class: | | Resolution: | |
| Affected version: | v6.5-final | NEEDINFO: | No |

Description
All "elimination" actions are registered, but there is no way of knowing which file was deleted.
Same thing for renaming: I know only the name of the file renamed, but not the new name that has been assigned.
Moreover, there are a lot of rows with a generic "other operation" action, which gives no information about the action indicated.
See attachment for more info.
Associated revisions
Log parser: handle special cases. Refs #2870
Log parser: fix rename action. Refs #2870
History
#1 Updated by Giacomo Sanchietti almost 7 years ago
Please attach the log.
#2 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from NEW to TRIAGED
- % Done changed from 0 to 20
- Affected version set to v6.5-final
Extract from /var/log/smbaudit.log:

```
Sep 11 12:30:42 localhost smbd[26698]: smbauditlog|2014/09/11 12:30:42|giacomo|192.168.5.22|test|giacomo|open|ok|r|COPYING
Sep 11 12:30:46 localhost smbd[26698]: smbauditlog|2014/09/11 12:30:46|giacomo|192.168.5.22|test|giacomo|open|ok|w|Corso_Linux_Base.pdf
Sep 11 12:30:51 localhost smbd[26698]: smbauditlog|2014/09/11 12:30:51|giacomo|192.168.5.22|test|giacomo|rename|ok|Corso_Linux_Base.pdf|aaa.pdf
Sep 11 12:30:58 localhost smbd[26698]: smbauditlog|2014/09/11 12:30:58|giacomo|192.168.5.22|test|giacomo|unlink|ok|COPYING
```
Extract from MySQL table:
```
[root@localhost ~]# mysql smbaudit -e "select * from audit";
+----+---------------------+-------+--------------+---------+--------+--------+---------+
| id | when                | share | ip           | user    | op     | result | arg     |
+----+---------------------+-------+--------------+---------+--------+--------+---------+
|  1 | 2014-09-11 12:02:30 | test  | 192.168.5.22 | giacomo | open   | ok     | COPYING |
|  2 | 2014-09-11 12:02:51 | test  | 192.168.5.22 | giacomo | unlink | ok     | NULL    |
+----+---------------------+-------+--------------+---------+--------+--------+---------+
```
Not all parameters are reported inside the MySQL table: the bug is confirmed.
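
The log lines above carry a different number of trailing fields per operation (mode and file for `open`, old and new name for `rename`, a single file for `unlink`), which is what a fixed-position parser loses. The following Python sketch is an added example, not part of the original issue or of the nethserver-samba-audit code, and shows one way to parse those lines without dropping the file names. The field names (`user`, `ip`, `share`, `user2`, `mode`, `arg`, `new_name`) are assumptions read off the sample lines and the table columns.

```python
from datetime import datetime

# Sample lines copied from the /var/log/smbaudit.log extract in comment #2.
SAMPLE = """\
Sep 11 12:30:42 localhost smbd[26698]: smbauditlog|2014/09/11 12:30:42|giacomo|192.168.5.22|test|giacomo|open|ok|r|COPYING
Sep 11 12:30:46 localhost smbd[26698]: smbauditlog|2014/09/11 12:30:46|giacomo|192.168.5.22|test|giacomo|open|ok|w|Corso_Linux_Base.pdf
Sep 11 12:30:51 localhost smbd[26698]: smbauditlog|2014/09/11 12:30:51|giacomo|192.168.5.22|test|giacomo|rename|ok|Corso_Linux_Base.pdf|aaa.pdf
Sep 11 12:30:58 localhost smbd[26698]: smbauditlog|2014/09/11 12:30:58|giacomo|192.168.5.22|test|giacomo|unlink|ok|COPYING
"""

TAG = "smbauditlog|"


def parse_line(line):
    """Return a dict for one audit line, or None if it is not an audit record."""
    pos = line.find(TAG)
    if pos < 0:
        return None
    fields = line[pos + len(TAG):].rstrip("\n").split("|")
    if len(fields) < 7:
        return None  # truncated record: nothing reliable to store
    when, user, ip, share, user2, op, result = fields[:7]
    args = fields[7:]  # variable length: depends on the operation
    rec = {"when": datetime.strptime(when, "%Y/%m/%d %H:%M:%S"),
           "user": user, "ip": ip, "share": share, "user2": user2,
           "op": op, "result": result,
           "mode": None, "arg": None, "new_name": None}
    if op == "open" and len(args) >= 2:
        rec["mode"] = args[0]             # r or w
        rec["arg"] = "|".join(args[1:])   # a file name may itself contain '|'
    elif op == "rename" and len(args) == 2:
        rec["arg"], rec["new_name"] = args
    elif args:
        # unlink and any other operation, or a rename whose names contain '|'
        # (the split is ambiguous): keep the raw tail instead of storing NULL.
        rec["arg"] = "|".join(args)
    return rec


def parse_log(text):
    """Parse every audit record in text, skipping unrelated syslog lines."""
    return [r for r in map(parse_line, text.splitlines()) if r]
```
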
#3 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 30
#4 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (Giacomo Sanchietti)
- % Done changed from 30 to 60
#5 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
nethserver-samba-audit-1.0.3-1.0git7132b949.ns6.noarch.rpm
- nethserver-samba-audit-1.0.3-2.0git30b1c007.ns6.noarch.rpm
- Check the bug is not reproducible
- Check the system correctly displays read and write operations
- Check the system correctly displays rename operations
#6 Updated by Davide Principi almost 7 years ago
- Assignee set to Davide Principi
#7 Updated by Davide Principi almost 7 years ago
- Status changed from ON_QA to VERIFIED
- Assignee deleted (Davide Principi)
- % Done changed from 70 to 90
VERIFIED
nethserver-samba-audit-1.0.3-2.0git30b1c007.ns6.noarch.rpm fixes the problem
#8 Updated by Davide Principi almost 7 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
In nethserver-updates:
nethserver-samba-audit-1.0.4-1.ns6.noarch.rpm