Smb.conf - COM AUDITORIA

De Wiki NOC

Servidor de Arquivos - SAMBA

Arquivo smb.conf.MODELO sem PDC:



[global]
        workgroup = <NOME DA EMPRESA>
        comment = Debian
        netbios name = arquivos
        map to guest = Bad User
        username map = /etc/samba/smbusers
     ** hosts allow = 192.168.1. 192.168.0. --> (Ver a necessidade de usar esse parametro)
        obey pam restrictions = Yes
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        log file = /var/log/samba/%U.log
        load printers = No
        add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m$
        domain logons = No
        domain master = No
        passdb backend = smbpasswd
        update encrypted = Yes
        null passwords = Yes
        encrypt passwords = Yes
        smb passwd file = /etc/samba/smbpasswd
        deadtime = 15
        dns proxy = no
        keepalive = 20
        max log size = 0
        debug level = 2
        vfs object = /usr/lib/samba/vfs/recycle.so
        recycle:repository = .lixeira
        recycle:keeptree = yes
        ldap suffix =
        wins support = Yes

;IMPRESSORAS
        ;printing = cups
        ;printcap name = cups
        ;printcap cache time = 750
        ;cups options = raw

;AUDITORIA
        vfs objects = /usr/lib/samba/vfs/full_audit.so
        full_audit:facility = LOCAL5
        full_audit:priority = NOTICE
        full_audit:prefix = %u|U%|%I|%S
        full_audit:success = rename rmdir unlink write
        full_audit:failure = none

#### Configurar rsyslog para gerar os logs de auditoria
#### Acrescentar as linhas abaixo no arquivo /etc/rsyslog.conf
# auditoria samba
local5.notice /var/log/samba/auditoria.log

#### IMPRESSORAS

[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
   create mask = 0700

[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no


##### COMPARTILHAMENTOS

[adm]
        path = /CAMINHO/administrativo
        admin users = root
        valid users = @admin
        read only = No
        write list = @adm
        force user = root
        force group = adm
        veto files = /*.mp3/*.wmv/*.wma/*.ogg/*.exe/

[vendas]
        path = /CAMINHO/vendas
        admin users = root
        valid users = @vendas
        read only = No
        write list = @vendas
        force user = root
        force group = vendas
        veto files = /*.mp3/*.wmv/*.wma/*.ogg/*.exe/



Ferramentas pessoais