How to install and configure Samba Server with FULL AUDIT on Ubuntu (Server)14.04 LTS Step-by-Step

m.slavov

This guide explains how to configure samba server in Ubuntu 14.04 with anonymous & secured samba servers. Samba is an Open Source/Free Software suite that provides seamless file and print services to SMB/CIFS clients. Samba is freely available, unlike other SMB/CIFS implementations, and allows for interoperability between Linux/Unix servers and Windows-based clients. I’ll be logged in as root.

Step 1 – Update repositories.

root@mail:/# apt-get update
root@mail:/# apt-get upgrade

Step 2 – Install samba.

root@mail:/# apt-get install samba

Step 3 – Backup config file .

root@mail:/# cp /etc/samba/smb.conf /etc/samba/smb.conf.backup

Main Configuration

Step 4 – Open config file.

root@mail:/# nano /etc/samba/smb.conf

Step 5 – Configuration of Samba server.
1 – [global] – The rules defined here apply for all shared folders
2 – follow symlinks = yes //allow using shortcut
3 – unix extensions – no //denied using unix extention
4 – [ftp] // name of share
5 – path = /srv/samba/ftp //path of share
6 – create mask = 0775

   – force create mode = 0775
   – directory mask = 0775
   – force create mode = 0775 // These are the permissions, which will be used for creation of files and folders. In this way the files and folders will be edited only by the users of the particular group. If you want these files and folders to be edited by all users, you have to change the permissions to 777
7 -valid users
   – write list = mslavov // The users who will have permission to write in this directory
8 – [yoursharedfolder]
   – comment = yoursharedfolder
   – path = /srv/samba/yoursharedfolder //If you want to create your own shared folder, you just have to change the folders names with your folders names and to add the rules which you want for your folder.

This is mine config file.

[global]
follow symlinks = yes
wide links = yes
unix extensions = no

[ftp]
comment = ftp
path = /srv/samba/ftp
browseable = yes
valid users = mslavov, YOURUSER, test, test1
write list = mslavov, YOURUSER, test, test1
create mask = 0775
force create mode = 0775
public = no
guest only = no
directory mask = 0775
force directory mode = 0775
store dos attributes = Yes
hide unreadable = yes
hide files = /examples.desktop

[yoursharedfolder]
comment = yoursharedfolder
path = /srv/samba/yoursharedfolder

Step 6 – Add users in Samba Server and after that add the user for particular folder in config file /etc/samba/smb.conf. Then you must restart samba service.

root@mail:/# smbpasswd -a youruser

Step 7 – Now you must restart samba service.

root@mail:/# restart nmbd
root@mail:/# restart smbd

Step 8 – Create folder for your share and give full right.

root@mail:/# mkdir /etc/samba/ftp
root@mail:/# chmod 777 /etc/samba/ftp

Step 9 – Add share folder on Windows.
My Computer -> Map network drive -> \\Ip address of samba server\\name of your shared folder -> add your samba user and password.

Advanced Configuration

In this part I will show you how to configure .

Step 10 – Open config file nano /etc/samba/smb.conf and add the following line:
  vfs objects = full_audit
  full_audit:success = mkdir rmdir read pread write pwrite rename unlink
  full_audit:prefix = %u|%I|%m|%S
  full_audit:failure = none
  full_audit:facility = local5
  full_audit:priority = notice
  recycle:repository = /home/recycle/
  recycle:keeptree = yes
  recycle:versions = yes
  log file = /var/log/samba/samba.log
You can add more attries but I strongly recommended to add only this mkdir rename unlink rmdir write. These are other attributes for full_audit:success = connect disconnect opendir mkdir rmdir closedir open close read pread write pwrite sendfile rename unlink chmod fchmod chown fchown chdir lock symlink
After this your file will look like:

[ftp]
  comment = ftp
  path = /srv/samba/ftp
  browseable = yes
  valid users = mslavov, YOURUSER, test, test1
  write list = mslavov, YOURUSER, test, test1
  create mask = 0775
  force create mode = 0775
  public = no
  guest only = no
  directory mask = 0775
  force directory mode = 0775
  store dos attributes = Yes
  hide unreadable = yes
  hide files = /examples.desktop
  vfs objects = full_audit
  full_audit:success = mkdir rmdir read pread write pwrite rename unlink
  full_audit:prefix = %u|%I|%m|%S
  #full_audit:failure = none
  full_audit:failure = connect
  full_audit:facility = local5
  full_audit:priority = notice
  recycle:repository = /home/recycle/
  recycle:keeptree = yes
  recycle:versions = yes
  log file = /var/log/samba/samba.log

Step 11 – Create log file for samba audit. Execute the following command nano /etc/rsyslog.d/50-default.conf and find *.* …..line and make the changes to look like this:

auth,authpriv.*       /var/log/auth.log
*.*;local5,auth,authpriv.none*       -/var/log/syslog
local5.notice*       /var/log/samba-audit.log

Step 12 – Create file for audit and change permission.

root@mail:/# touch /var/log/samba-audit.log
root@mail:/# chown syslog:adm /var/log/samba-audit.log

Step 13 – Open this file /etc/logrotate.d/samba and add the following lines:

/var/log/samba-audit.log {
    weekly
    missingok
    rotate 7
    postrotate
         reload rsyslog > /dev/null 2>&1 || true
    endscript
    compress
    notifempty
}

Step 13 – Restart rsyslog and samba service.

root@mail:/# reboot

Step 14 – Now you can see audit for test folder for Jun 12

root@mail:/# cat /var/log/samba-audit.log | grep test | grep “Jun 12″
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|rename|ok|New folder|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|fstat|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|getxattr|ok|test|user.DOSATTRIB
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|close|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|stat|ok|./test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|./test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|./test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|get_nt_acl|ok|./test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|getxattr|ok|./test|user.DOSATTRIB
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|stat|ok|./test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|./test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|./test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|get_nt_acl|ok|./test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|getxattr|ok|./test|user.DOSATTRIB
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|stat|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|getxattr|ok|test|user.DOSATTRIB
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|stat|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|get_nt_acl|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|stat|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|get_nt_acl|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|open|ok|r|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|fstat|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|create_file|ok|0x100080|file|open|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|stat|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|get_nt_acl|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|getxattr|ok|test|user.DOSATTRIB
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|close|ok|test
Jun 12 16:23:38 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|stat|ok|test
Jun 12 16:23:38 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|getxattr|ok|test|user.DOSATTRIB
Jun 12 16:23:38 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|stat|ok|test
Jun 12 16:23:38 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|test
Jun 12 16:23:38 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|test
Jun 12 16:23:38 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|get_nt_acl|ok|test
Jun 12 16:23:38 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|open|ok|r|test
Jun 12 16:23:38 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|fstat|ok|test
Jun 12 16:23:38 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|close|ok|test
Jun 12 16:23:38 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|stat|ok|test
Jun 12 16:23:38 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|test

8 ThemeHow to create script for BACKUP and use crontab on Ubuntu (Server) 14.04 LTS Step-by-Step

Share

Leave a Reply

Your email address will not be published. Required fields are marked *

*
*
Website