FreeBSD + Samba + VFS Modules ============================= Shanker Balan http://shankerbalan.com/ Changelog: Fri Jun 13 13:40:29 IST 2003 - Initial doc Overview: Samba 2.2 and later have support for loadable VFS module which can be defined on a per share basis. Some of the modules that particularly interesting are the audit, recycle and the vscan modules. The audit and the recycle VFS modules are part of the Samba distribution can be built from the examples/VFS directory. The vscan plugin is provided by http://www.openantivirus.org/ The Modules: audit A simple module to audit file access to the syslog facility. The following operations are logged: share connect/disconnect, directory opens/create/remove, file open/close/rename/unlink/chmod. recycle A recycle-bin like modules. When used any unlink call will be intercepted and files moved to the recycle directory nstead of beeing deleted. See: /usr/local/share/examples/samba/VFS/README samba-vscan (on-access virus scanning with Samba) URL: http://www.openantivirus.org/projects.php samba-vscan is a proof-of-concept module for Samba, which uses the VFS (virtual file system) features of Samba 2.2.x/3.0 alphaX. Of course, Samba has to be compiled with VFS support. It currently works only with FRISK F-Prot Daemon, Kaspersky AntiVirus, mks32, OpenAntiVirus ScannerDaemon, Sophos Sweep, Symantec AntiVirus Engine (via ICAP) or Trend Micro. The latest release is 0.3.2b. You might give 0.3.3beta1 a try (GPG sig). samba-vscan is maintained by Rainer Link. Installing Samba: [godzilla] ~# portinstall net/samba-devel WITH_QUOTAS=yes WITH_UTMP=yes WITH_MSDFS=yes WITH_ACL_SUPPORT=yes WITH_LIBICONV=yes [godzilla] ~> pkg_info -x samba Information for samba-3.0a20: Comment: A free SMB and CIFS client and server for UNIX VFS support is compiled by default and the VFS sources are installed under /usr/local/share/examples/samba/VFS/. To compile these modules, you need the config.h file in the samba source directory (do make in net/samba-devel). Compile the modules it using "gmake" (not BSD make) and copy the *.o files to /usr/local/lib/samba/vfs/. [godzilla] ~# cd /usr/ports/net/samba-devel/ [godzilla] /usr/ports/net/samba-devel# make [godzilla] /usr/ports/net/samba-devel# cd /usr/local/share/examples/samba/VFS/ [godzilla] /usr/local/share/examples/samba/VFS# gmake [godzilla] /usr/local/share/examples/samba/VFS# mkdir /usr/local/lib/samba/vfs/ [godzilla] /usr/local/share/examples/samba/VFS# cp *.o /usr/local/lib/samba/vfs/ [godzilla] /usr/local/share/examples/samba/VFS# make clean Samba Configuration: ### ### etc/smb.conf ### #======================= Global Settings ===================================== [global] [...] vfs path = /usr/local/lib/samba/vfs #============================ Share Definitions ============================== [homes] comment = Home Directories browseable = no writeable = yes # stacking requires a very recent version of Samba 3.x tree. # Else only one module can be used at a time ;vfs object = audit.so ;vfs object = recycle.so vfs object = audit.so recycle.so ### ### Audit log messages ### Below is the audit log for delete operation \\godzilla\shanu\opera.core by user "shanu". [godzilla] ~> smbclient \\\\godzilla\\shanu added interface ip=192.168.1.24 bcast=192.168.1.255 nmask=255.255.255.0 Got a positive name query response from 192.168.1.1 ( 192.168.1.24 ) Password: Doing spnego session setup (blob length=58) OS=[Unix] Server=[Samba] smb: \> rm opera.core smb: \> [godzilla] ~> [godzilla] ~# tail -f /var/log/messages Jun 13 14:24:50 godzilla smbd_audit[24822]: VFS_INIT: vfs_ops loaded Jun 13 14:24:50 godzilla smbd_audit[24822]: connect to service shanu by user shanu Jun 13 14:25:13 godzilla smbd_audit[24822]: opendir ./ Jun 13 14:25:13 godzilla smbd_audit[24822]: unlink opera.core Jun 13 14:25:18 godzilla smbd_audit[24822]: disconnected Jun 13 14:25:18 godzilla smbd_audit[24822]: VFS_DONE: vfs module unloaded The recycle VFS module will move the deleted file to .recycle in the share's root. The deleted file will be over written if another file with the same name if deleted. It should be trivial to hack recycle.c to add a time stamp to the deleted file's name so that multiple copies can be preserved in the Reycle bin. ### ### samba-vsan module with OpenAntivirus ### ToDo The module did not compile on the first try, feeling kinda lazy to hack on it any more. Maybe some other day when I feel up to it. ### ### NOTES: ### - Stackable VFS modules is available only in the very latest Samba 3.0 beta according to Samba-HOWTO-Collection.html. Stacking does not seem to work in samba-3.0a20 atleast. (Fri Jun 13 14:56:31 IST 2003) ** Update ** (Fri Jul 25 13:20:19 IST 2003) Running Samba samba-3.0.0.b2 now, stacking now works [godzilla] ~# testparm |grep vfs vfs objects = /usr/local/lib/recycle.so, /usr/local/lib/audit.so ### ### Todo ### - Use syslog-ng or syslogd to log all audit (user.notice?) messages to anything other than /var/log/messages. - Actually try stacking modules using a recent CVS of Samba-head branch. - Finish vscan module setup. - Think recent RedHat Linux distributions come with the vscan and other VFS modules, perhaps I could just document their usage as well.