[Pkg-samba-maint] Bug#1007835: Bug#1007835: samba: Full audit logs all activity instead of selected only -- error after upgrade from buster to bullseye

Andrew Bartlett abartlet at samba.org
Thu Mar 17 19:58:55 GMT 2022 

The names of the functions changed.  Ideally we would have had an alias
when we added to "at" to the end, but nobody added that.  Patches
upstream at:

https://wiki.samba.org/index.php/Contribute

will be accepted, with tests.

This should be correct in the docs now, at least for current versions
(I've not checked 4.13). 

Andrew Bartlett

On Thu, 2022-03-17 at 16:45 +0100, Leszek Dubiel wrote:
> Package: samba
> Version: 2:4.13.13+dfsg-1~deb11u3
> Severity: normal
> 
> After upgrade from buster to bullseye samba full audit started to log
> ALL activity
> despite opitons in /etc/samba/smb.conf stayed the same.
> 
> There are two options in /etc/samba/smb.conf
> 
> 	vfs objects = full_audit
> 	full_audit:success = mkdir rmdir open rename unlink
> 
> Then I rename file from "old" to "new" and logs show:
> 
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|renameat|ok|/home/leszek/Prywatny/aa/old|/home/l
> eszek/Prywatny/aa/new
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|close|ok|/home/leszek/Prywatny/aa/new
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|stat|ok|/home/leszek/Prywatny/aa/new
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|getxattr|ok|/home/leszek/Prywatny/aa/new|user.DO
> SATTRIB
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|get_dos_attributes|ok|/home/leszek/Prywatny/aa/n
> ew
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|file_id_create|ok|26:54616484:0
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|stat|ok|/home/leszek/Prywatny/aa/new
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|sys_acl_get_file|ok|/home/leszek/Prywatny/aa/new
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|sys_acl_get_file|ok|/home/leszek/Prywatny/aa/new
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|get_nt_acl_at|ok|/home/leszek/Prywatny/aa/new
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|stat|ok|/home/leszek/Prywatny/aa/new
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|sys_acl_get_file|ok|/home/leszek/Prywatny/aa/new
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|sys_acl_get_file|ok|/home/leszek/Prywatny/aa/new
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|get_nt_acl_at|ok|/home/leszek/Prywatny/aa/new
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|file_id_create|ok|26:54616484:0
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|stat|ok|/home/leszek/Prywatny
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|file_id_create|ok|26:64129:0
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|stat|ok|/home/leszek/Prywatny
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|chdir|ok|chdir|/home/leszek/Prywatny/aa/new
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|stat|ok|/home/leszek/Prywatny
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|file_id_create|ok|26:54616484:0
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|getwd|ok|/home/leszek/Prywatny/aa/new
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|file_id_create|ok|26:54616484:0
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|realpath|ok|/home/leszek/Prywatny/aa/new
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|connectpath|ok|/home/leszek/Prywatny/aa/new
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|openat|ok|r|/home/leszek/Prywatny/aa/new
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|chdir|ok|chdir|/home/leszek/Prywatny
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|stat|ok|/home/leszek/Prywatny/aa/new
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|file_id_create|ok|26:64129:0
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|stat|ok|/home/leszek/Prywatny
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|fstat|ok|/home/leszek/Prywatny/aa/new
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|create_file|ok|0x80|file|open|/home/leszek/Prywa
> tny/aa/new
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|getxattr|ok|/home/leszek/Prywatny/aa/new|user.DO
> SATTRIB
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|get_dos_attributes|ok|/home/leszek/Prywatny/aa/n
> ew
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|get_alloc_size|ok|0
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|fstat|ok|/home/leszek/Prywatny/aa/new
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|file_id_create|ok|26:54616484:0
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|getxattr|ok|/home/leszek/Prywatny/aa/new|user.DO
> SATTRIB
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|get_dos_attributes|ok|/home/leszek/Prywatny/aa/n
> ew
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|get_alloc_size|ok|0
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|fs_file_id|ok|10992394656229373408
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|flistxattr|ok|/home/leszek/Prywatny/aa/new
> Mar 17 16:40:27 wawel smbd_audit:
> leszek|192.168.18.35|close|ok|/home/leszek/Prywatny/aa/new
> 
> 
> 
> 
> -- Package-specific info:
> * /etc/samba/smb.conf present, and attached
> * /var/lib/samba/dhcp.conf present, and attached
> 
> -- System Information:
> Debian Release: 11.2
>    APT prefers stable-updates
>    APT policy: (500, 'stable-updates'), (500, 'stable-security'),
> (500, 'stable')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 5.10.0-12-amd64 (SMP w/8 CPU threads)
> Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8),
> LANGUAGE not set
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> 
> Versions of packages samba depends on:
> ii  adduser              3.118
> ii  dpkg                 1.20.9
> ii  init-system-helpers  1.60
> ii  libbsd0              0.11.3-1
> ii  libc6                2.31-13+deb11u2
> ii  libgnutls30          3.7.1-5
> ii  libldb2              2:2.2.3-2~deb11u1
> ii  libpam-modules       1.4.0-9+deb11u1
> ii  libpam-runtime       1.4.0-9+deb11u1
> ii  libpopt0             1.18-2
> ii  libpython3.9         3.9.2-1
> ii  libtalloc2           2.3.1-2+b1
> ii  libtasn1-6           4.16.0-2
> ii  libtdb1              1.4.3-1+b1
> ii  libtevent0           0.10.2-1
> ii  libwbclient0         2:4.13.13+dfsg-1~deb11u3
> ii  lsb-base             11.1.0
> ii  procps               2:3.3.17-5
> ii  python3              3.9.2-3
> ii  python3-dnspython    2.0.0-1
> ii  python3-samba        2:4.13.13+dfsg-1~deb11u3
> ii  samba-common         2:4.13.13+dfsg-1~deb11u3
> ii  samba-common-bin     2:4.13.13+dfsg-1~deb11u3
> ii  samba-libs           2:4.13.13+dfsg-1~deb11u3
> ii  tdb-tools            1.4.3-1+b1
> 
> Versions of packages samba recommends:
> pn  attr                <none>
> ii  logrotate           3.18.0-2
> pn  python3-markdown    <none>
> pn  samba-dsdb-modules  <none>
> ii  samba-vfs-modules   2:4.13.13+dfsg-1~deb11u3
> 
> Versions of packages samba suggests:
> ii  bind9                     1:9.16.22-1~deb11u1
> ii  bind9-utils [bind9utils]  1:9.16.22-1~deb11u1
> pn  ctdb                      <none>
> pn  ldb-tools                 <none>
> ii  ntp                       1:4.2.8p15+dfsg-1
> pn  smbldap-tools             <none>
> pn  ufw                       <none>
> pn  winbind                   <none>
> 
> -- Configuration Files:
> /etc/logrotate.d/samba changed:
> /var/log/samba/log.smbd {
> 	daily
> 	missingok
> 	rotate 90
> 	postrotate
> 		[ ! -x /usr/bin/smbcontrol ] || [ ! -f
> /run/samba/smbd.pid ] || /usr/bin/smbcontrol smbd reload-config
> 	endscript
> 	compress
> 	delaycompress
> 	notifempty
> }
> /var/log/samba/log.nmbd {
> 	daily
> 	missingok
> 	rotate 90
> 	postrotate
> 		[ ! -x /usr/bin/smbcontrol ] || [ ! -f
> /run/samba/nmbd.pid ] || /usr/bin/smbcontrol nmbd reload-config
> 	endscript
> 	compress
> 	delaycompress
> 	notifempty
> }
> /var/log/samba/log.samba {
> 	daily
> 	missingok
> 	rotate 90
> 	postrotate
> 		if [ -d /run/systemd/system ] && command systemctl
> >/dev/null 2>&1 && systemctl is-active --quiet samba-ad-dc; then
> 			systemctl kill --kill-who all --signal=SIGHUP
> samba-ad-dc
> 		elif [ -f /run/samba/samba.pid ]; then
> 			# This only sends to main pid, See #803924
> 			kill -HUP `cat /run/samba/samba.pid`
> 		fi
> 	endscript
> 	compress
> 	delaycompress
> 	notifempty
> }
> 
> 
> -- debconf information:
> * samba/tdbsam: true
>    samba/nmbd_from_inetd:
>    samba/generate_smbpasswd: false
> * samba/log_files_moved:
>    samba-common/title:
> * samba/run_mode: daemons
> 
> _______________________________________________
> Pkg-samba-maint mailing list
> Pkg-samba-maint at alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-samba-maint
-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source
Solutions

More information about the Pkg-samba-maint mailing list