From 7d1bcfc99c393367093c903f95a5e365881b7989 Mon Sep 17 00:00:00 2001 From: "Timur I. Bakeyev" <timur@iXsystems.com> Date: Fri, 22 Jun 2018 12:15:30 +0800 Subject: [PATCH 1/3] Make sure that vfs*audit modules recognize and accept all the syslog facilities. --- source3/modules/vfs_audit.c | 34 +++++++++++++++++++++++----------- source3/modules/vfs_extd_audit.c | 34 +++++++++++++++++++++++----------- source3/modules/vfs_full_audit.c | 34 +++++++++++++++++++++++----------- 3 files changed, 69 insertions(+), 33 deletions(-) diff --git a/source3/modules/vfs_audit.c b/source3/modules/vfs_audit.c index 12477d5b01f..4f9d16c452e 100644 --- a/source3/modules/vfs_audit.c +++ b/source3/modules/vfs_audit.c @@ -33,16 +33,28 @@ static int audit_syslog_facility(vfs_handle_struct *handle) { static const struct enum_list enum_log_facilities[] = { - { LOG_USER, "USER" }, - { LOG_LOCAL0, "LOCAL0" }, - { LOG_LOCAL1, "LOCAL1" }, - { LOG_LOCAL2, "LOCAL2" }, - { LOG_LOCAL3, "LOCAL3" }, - { LOG_LOCAL4, "LOCAL4" }, - { LOG_LOCAL5, "LOCAL5" }, - { LOG_LOCAL6, "LOCAL6" }, - { LOG_LOCAL7, "LOCAL7" }, - { -1, NULL} + { LOG_AUTH, "AUTH" }, + { LOG_CRON, "CRON" }, + { LOG_DAEMON, "DAEMON" }, + { LOG_FTP, "FTP" }, + { LOG_KERN, "KERN" }, + { LOG_LPR, "LPR" }, + { LOG_MAIL, "MAIL" }, + { LOG_NEWS, "NEWS" }, + { LOG_NTP, "NTP" }, + { LOG_SECURITY, "SECURITY" }, + { LOG_SYSLOG, "SYSLOG" }, + { LOG_USER, "USER" }, + { LOG_UUCP, "UUCP" }, + { LOG_LOCAL0, "LOCAL0" }, + { LOG_LOCAL1, "LOCAL1" }, + { LOG_LOCAL2, "LOCAL2" }, + { LOG_LOCAL3, "LOCAL3" }, + { LOG_LOCAL4, "LOCAL4" }, + { LOG_LOCAL5, "LOCAL5" }, + { LOG_LOCAL6, "LOCAL6" }, + { LOG_LOCAL7, "LOCAL7" }, + { -1, NULL } }; int facility; @@ -64,7 +76,7 @@ static int audit_syslog_priority(vfs_handle_struct *handle) { LOG_NOTICE, "NOTICE" }, { LOG_INFO, "INFO" }, { LOG_DEBUG, "DEBUG" }, - { -1, NULL} + { -1, NULL } }; int priority; diff --git a/source3/modules/vfs_extd_audit.c b/source3/modules/vfs_extd_audit.c index 7d1fe273978..5307569a010 100644 --- a/source3/modules/vfs_extd_audit.c +++ b/source3/modules/vfs_extd_audit.c @@ -36,16 +36,28 @@ static int vfs_extd_audit_debug_level = DBGC_VFS; static int audit_syslog_facility(vfs_handle_struct *handle) { static const struct enum_list enum_log_facilities[] = { - { LOG_USER, "USER" }, - { LOG_LOCAL0, "LOCAL0" }, - { LOG_LOCAL1, "LOCAL1" }, - { LOG_LOCAL2, "LOCAL2" }, - { LOG_LOCAL3, "LOCAL3" }, - { LOG_LOCAL4, "LOCAL4" }, - { LOG_LOCAL5, "LOCAL5" }, - { LOG_LOCAL6, "LOCAL6" }, - { LOG_LOCAL7, "LOCAL7" }, - { -1, NULL} + { LOG_AUTH, "AUTH" }, + { LOG_CRON, "CRON" }, + { LOG_DAEMON, "DAEMON" }, + { LOG_FTP, "FTP" }, + { LOG_KERN, "KERN" }, + { LOG_LPR, "LPR" }, + { LOG_MAIL, "MAIL" }, + { LOG_NEWS, "NEWS" }, + { LOG_NTP, "NTP" }, + { LOG_SECURITY, "SECURITY" }, + { LOG_SYSLOG, "SYSLOG" }, + { LOG_USER, "USER" }, + { LOG_UUCP, "UUCP" }, + { LOG_LOCAL0, "LOCAL0" }, + { LOG_LOCAL1, "LOCAL1" }, + { LOG_LOCAL2, "LOCAL2" }, + { LOG_LOCAL3, "LOCAL3" }, + { LOG_LOCAL4, "LOCAL4" }, + { LOG_LOCAL5, "LOCAL5" }, + { LOG_LOCAL6, "LOCAL6" }, + { LOG_LOCAL7, "LOCAL7" }, + { -1, NULL } }; int facility; @@ -67,7 +79,7 @@ static int audit_syslog_priority(vfs_handle_struct *handle) { LOG_NOTICE, "NOTICE" }, { LOG_INFO, "INFO" }, { LOG_DEBUG, "DEBUG" }, - { -1, NULL} + { -1, NULL } }; int priority; diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c index a205007f46f..a52af4b5740 100644 --- a/source3/modules/vfs_full_audit.c +++ b/source3/modules/vfs_full_audit.c @@ -357,16 +357,28 @@ static struct { static int audit_syslog_facility(vfs_handle_struct *handle) { static const struct enum_list enum_log_facilities[] = { - { LOG_USER, "USER" }, - { LOG_LOCAL0, "LOCAL0" }, - { LOG_LOCAL1, "LOCAL1" }, - { LOG_LOCAL2, "LOCAL2" }, - { LOG_LOCAL3, "LOCAL3" }, - { LOG_LOCAL4, "LOCAL4" }, - { LOG_LOCAL5, "LOCAL5" }, - { LOG_LOCAL6, "LOCAL6" }, - { LOG_LOCAL7, "LOCAL7" }, - { -1, NULL} + { LOG_AUTH, "AUTH" }, + { LOG_CRON, "CRON" }, + { LOG_DAEMON, "DAEMON" }, + { LOG_FTP, "FTP" }, + { LOG_KERN, "KERN" }, + { LOG_LPR, "LPR" }, + { LOG_MAIL, "MAIL" }, + { LOG_NEWS, "NEWS" }, + { LOG_NTP, "NTP" }, + { LOG_SECURITY, "SECURITY" }, + { LOG_SYSLOG, "SYSLOG" }, + { LOG_USER, "USER" }, + { LOG_UUCP, "UUCP" }, + { LOG_LOCAL0, "LOCAL0" }, + { LOG_LOCAL1, "LOCAL1" }, + { LOG_LOCAL2, "LOCAL2" }, + { LOG_LOCAL3, "LOCAL3" }, + { LOG_LOCAL4, "LOCAL4" }, + { LOG_LOCAL5, "LOCAL5" }, + { LOG_LOCAL6, "LOCAL6" }, + { LOG_LOCAL7, "LOCAL7" }, + { -1, NULL } }; int facility; @@ -387,7 +399,7 @@ static int audit_syslog_priority(vfs_handle_struct *handle) { LOG_NOTICE, "NOTICE" }, { LOG_INFO, "INFO" }, { LOG_DEBUG, "DEBUG" }, - { -1, NULL} + { -1, NULL } }; int priority; -- 2.16.3 From b98fc517251ad25b695ef64453ffe3eaaffed5d8 Mon Sep 17 00:00:00 2001 From: "Timur I. Bakeyev" <timur@iXsystems.com> Date: Fri, 22 Jun 2018 12:19:42 +0800 Subject: [PATCH 2/3] Make "none" is the default setting for the successful and failed operations in the vfs_full_audit, so you don't blow up your server by just adding this module to the configuration. --- source3/modules/vfs_full_audit.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c index a52af4b5740..bc40c8137dc 100644 --- a/source3/modules/vfs_full_audit.c +++ b/source3/modules/vfs_full_audit.c @@ -624,6 +624,7 @@ static int smb_full_audit_connect(vfs_handle_struct *handle, const char *svc, const char *user) { int result; + const char *none[] = { "none" }; struct vfs_full_audit_private_data *pd = NULL; result = SMB_VFS_NEXT_CONNECT(handle, svc, user); @@ -663,10 +664,10 @@ static int smb_full_audit_connect(vfs_handle_struct *handle, pd->success_ops = init_bitmap( pd, lp_parm_string_list(SNUM(handle->conn), "full_audit", - "success", NULL)); + "success", none)); pd->failure_ops = init_bitmap( pd, lp_parm_string_list(SNUM(handle->conn), "full_audit", - "failure", NULL)); + "failure", none)); /* Store the private data. */ SMB_VFS_HANDLE_SET_DATA(handle, pd, NULL, -- 2.16.3 From e25f3a6cfc284737d8df941686f6629568763103 Mon Sep 17 00:00:00 2001 From: "Timur I. Bakeyev" <timur@iXsystems.com> Date: Fri, 22 Jun 2018 12:36:07 +0800 Subject: [PATCH 3/3] Document that vfs_full_audit defaults are "none" for the successful and failed operations. --- docs-xml/manpages/vfs_full_audit.8.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs-xml/manpages/vfs_full_audit.8.xml b/docs-xml/manpages/vfs_full_audit.8.xml index cefe66d8b6f..ac8473f9990 100644 --- a/docs-xml/manpages/vfs_full_audit.8.xml +++ b/docs-xml/manpages/vfs_full_audit.8.xml @@ -164,7 +164,7 @@ <para>LIST is a list of VFS operations that should be recorded if they succeed. Operations are specified using the names listed above. Operations can be unset by prefixing - the names with "!". The default is all operations. + the names with "!". The default is none operations. </para> </listitem> @@ -176,7 +176,7 @@ <para>LIST is a list of VFS operations that should be recorded if they failed. Operations are specified using the names listed above. Operations can be unset by prefixing - the names with "!". The default is all operations. + the names with "!". The default is none operations. </para> </listitem> -- 2.16.3