Comments (6)
I'll respond to my own issue here before I close it out.
The issue was that I was using Ubuntu Trusty; the %D in the sample smb.conf file was causing the SMB audit log to not have all the required fields. I changed my config to %d (yes, I know it's not the field we are looking for, but...) and now it works correctly. The log parsing code in modules/samba.py is now correctly reading the smb-audit.log file and putting that into the opencanary log, which then sends to the json-tcp logger I had set up.
from opencanary.
I am running opencanary on a Raspberry Pi (RASPBIAN STRETCH LITE) and I have followed the instructions to get everything set up, including the special SMB settings. Everything is working and I am getting alerts for all my services except Samba. I am thinking I am running into the same issue as @carnal0wnage. Any help someone can offer would be much appreciated.
Attached are my config files in case I am missing something.
Thank you in advance.
opencanary.conf.txt
smb.conf.txt
from opencanary.
It's been a while, but IIRC I started adding the logging variables one at a time until I found the one that was breaking things.
Here is what I had for my config:
[global]
workgroup = WORKGROUP
server string = Windows 2003 File Server
netbios name = FILESRV01
dns proxy = no
log file = /var/log/samba/samba-audit.log
log level = 2
syslog only = no
syslog = 0
vfs object = full_audit
full_audit:prefix = %U|%I|%i|%m|%S|%L|%R|%a|%T|%D
full_audit:success = pread
full_audit:failure = none
full_audit:facility = local7
full_audit:priority = notice
max log size = 100
panic action = /usr/share/samba/panic-action %d
#samba 4
server role = standalone server
#samba 3
security = user
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = no
map to guest = Bad User
usershare allow guests = yes
guest account = nobody
create mask = 0666
directory mask = 0777
force create mode = 0666
force directory mode = 0777
[Documents]
comment = Office documents
path = /tmp/share
guest ok = yes
read only = yes
browseable = yes
force user = nobody
force group = nogroup
#vfs object = audit
from opencanary.
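The field check described in the comments above, as an added example that is not part of the original thread and is not opencanary's own parser: it compares each `smbd_audit:` line against the `full_audit:prefix` from the config and reports missing or empty fields. It assumes full_audit appends `operation|result|argument` after the prefix; the sample log lines are constructed.

```python
# Added diagnostic sketch; not code from opencanary's modules/samba.py.
PREFIX = "%U|%I|%i|%m|%S|%L|%R|%a|%T|%D"   # full_audit:prefix from the config above
TRAILING = ["operation", "result", "argument"]  # assumption: appended by full_audit
MARKER = "smbd_audit:"

def expected_fields(prefix=PREFIX):
    """Field names a complete audit line should carry, in order."""
    return prefix.split("|") + TRAILING

def check_line(line, prefix=PREFIX):
    """Return a list of problems for one log line, or None if it is not an audit line."""
    if MARKER not in line:
        return None
    names = expected_fields(prefix)
    values = line.split(MARKER, 1)[1].strip().split("|")
    problems = []
    if len(values) != len(names):
        problems.append(f"expected {len(names)} fields, got {len(values)}")
    for name, value in zip(names, values):
        if value.strip() == "":
            problems.append(f"{name} is empty")
    return problems

def audit(lines, prefix=PREFIX):
    """Map 1-based line number -> problems, for audit lines that have any."""
    report = {}
    for number, line in enumerate(lines, start=1):
        problems = check_line(line, prefix)
        if problems:
            report[number] = problems
    return report

# Constructed sample lines (documentation addresses, made-up host and file names).
SAMPLE = [
    "Jan  1 12:00:00 filesrv01 smbd_audit: guest|192.0.2.10|192.0.2.5|client1|"
    "Documents|filesrv01|NT1|Vista|2018/01/01 12:00:00|WORKGROUP|pread|ok|report.docx",
    "Jan  1 12:00:05 filesrv01 smbd_audit: guest|192.0.2.10|192.0.2.5|client1|"
    "Documents|filesrv01|NT1|Vista|2018/01/01 12:00:05|pread|ok|report.docx",
    "Jan  1 12:00:09 filesrv01 smbd_audit: guest|192.0.2.10|192.0.2.5|client1|"
    "Documents|filesrv01|NT1|Vista|2018/01/01 12:00:09||pread|ok|report.docx",
    "Jan  1 12:00:10 filesrv01 smbd[812]: unrelated daemon message",
]

if __name__ == "__main__":
    for number, problems in audit(SAMPLE).items():
        print(f"line {number}: " + "; ".join(problems))
```

Run it over the real audit log after each change to `full_audit:prefix` to see which variable leaves the line short or empty.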
Thank you for the response. By logging variables, do you mean the "full_audit:prefix =" items? From your original post it looks like the %D was causing the problem. My SMB config looks similar to yours. I did not see any issues standing out.
[global]
workgroup = company.local
server string = Windows File Server
netbios name = Server01
dns proxy = no
log file = /var/log/samba/log.all
log level = 0
syslog only = yes
syslog = 0
vfs object = full_audit
full_audit:prefix = %U|%I|%i|%m|%S|%L|%R|%a|%T|%D
full_audit:success = pread
full_audit:failure = none
full_audit:facility = local7
full_audit:priority = notice
max log size = 100
panic action = /usr/share/samba/panic-action %d
#samba 4
server role = standalone server
#samba 3
#security = user
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = no
map to guest = bad user
usershare allow guests = yes
[Company]
comment = Company Files
path = /home/pi/Company
guest ok = yes
read only = yes
browseable = yes
#vfs object = audit
from opencanary.
Just want to make sure I am understanding the opencanary Samba server. It should log and send an email (if SMTP is configured) if someone logs in to, or attempts to log in to, an SMB share, similar to the other services. Thanks for the help. Really appreciate it.
from opencanary.
Don't mean to bring this back up, but I pretty much have the same config as you, @carnal0wnage. Everything is getting logged correctly in the 'samba-audit.log'; however, I'm not receiving an e-mail alert for it. Basically, when someone accesses the dummy Synology page by inputting the IP in a browser, I'll get an e-mail alert. However, when someone accesses the Samba share I created, it looks like it's getting logged correctly in 'samba-audit.log', but no e-mail. Any ideas on how I can fix this? I believe this would be similar to your initial problem. @mmaxwell5, were you able to get this to work? Because I think I'm having the same issue you were. Please let me know.
from opencanary.