vfs_full_audit man page on Kali

Man page or keyword search:  
man Server   9211 pages
apropos Keyword Search (all sections)
Output format
Kali logo
[printable version]

VFS_FULL_AUDIT(8)	  System Administration tools	     VFS_FULL_AUDIT(8)

NAME
       vfs_full_audit - record Samba VFS operations in the system log

SYNOPSIS
       vfs objects = full_audit

DESCRIPTION
       This VFS module is part of the samba(7) suite.

       The vfs_full_audit VFS module records selected client operations to the
       system log using syslog(3).

       vfs_full_audit is able to record the complete set of Samba VFS
       operations:
	   chdir
	   chflags
	   chmod
	   chmod_acl
	   chown
	   close
	   closedir
	   connect
	   copy_chunk_send
	   copy_chunk_recv
	   disconnect
	   disk_free
	   fchmod
	   fchmod_acl
	   fchown
	   fget_nt_acl
	   fgetxattr
	   flistxattr
	   fremovexattr
	   fset_nt_acl
	   fsetxattr
	   fstat
	   fsync
	   ftruncate
	   get_compression
	   get_nt_acl
	   get_quota
	   get_shadow_copy_data
	   getlock
	   getwd
	   getxattr
	   kernel_flock
	   link
	   linux_setlease
	   listxattr
	   lock
	   lseek
	   lstat
	   mkdir
	   mknod
	   open
	   opendir
	   pread
	   pwrite
	   read
	   readdir
	   readlink
	   realpath
	   removexattr
	   rename
	   rewinddir
	   rmdir
	   seekdir
	   sendfile
	   set_compression
	   set_nt_acl
	   set_quota
	   setxattr
	   snap_check_path
	   snap_create
	   snap_delete
	   stat
	   statvfs
	   symlink
	   sys_acl_delete_def_file
	   sys_acl_get_fd
	   sys_acl_get_file
	   sys_acl_set_fd
	   sys_acl_set_file
	   telldir
	   unlink
	   utime
	   write

       In addition to these operations, vfs_full_audit recognizes the special
       operation names "all" and "none ", which refer to all the VFS
       operations and none of the VFS operations respectively.

       vfs_full_audit records operations in fixed format consisting of fields
       separated by '|' characters. The format is:

		     smbd_audit: PREFIX|OPERATION|RESULT|FILE

       The record fields are:

	      ·	  PREFIX - the result of the full_audit:prefix string after
		  variable substitutions

	      ·	  OPERATION - the name of the VFS operation

	      ·	  RESULT - whether the operation succeeded or failed

	      ·	  FILE - the name of the file or directory the operation was
		  performed on

       This module is stackable.

OPTIONS
       full_audit:prefix = STRING
	   Prepend audit messages with STRING. STRING is processed for
	   standard substitution variables listed in smb.conf(5). The default
	   prefix is "%u|%I".

       full_audit:success = LIST
	   LIST is a list of VFS operations that should be recorded if they
	   succeed. Operations are specified using the names listed above.
	   Operations can be unset by prefixing the names with "!". The
	   default is all operations.

       full_audit:failure = LIST
	   LIST is a list of VFS operations that should be recorded if they
	   failed. Operations are specified using the names listed above.
	   Operations can be unset by prefixing the names with "!". The
	   default is all operations.

       full_audit:facility = FACILITY
	   Log messages to the named syslog(3) facility.

       full_audit:priority = PRIORITY
	   Log messages with the named syslog(3) priority.

       full_audit:syslog = true/false
	   Log messages to syslog (default) or as a debug level 1 message.

       full_audit:log_secdesc = true/false
	   Log an sddl form of the security descriptor coming in when a client
	   sets an acl. Defaults to false.

EXAMPLES
       Log file and directory open operations on the [records] share using the
       LOCAL7 facility and ALERT priority, including the username and IP
       address. Logging excludes the open VFS function on failures:

		   [records]
		path = /data/records
		vfs objects = full_audit
		full_audit:prefix = %u|%I
		full_audit:success = open opendir
		full_audit:failure = all !open
		full_audit:facility = LOCAL7
		full_audit:priority = ALERT

VERSION
       This man page is correct for version 3.0.25 of the Samba suite.

AUTHOR
       The original Samba software and related utilities were created by
       Andrew Tridgell. Samba is now developed by the Samba Team as an Open
       Source project similar to the way the Linux kernel is developed.

Samba 4.7			  11/23/2017		     VFS_FULL_AUDIT(8)
[top]

List of man pages available for Kali

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net