
Re: samba log directory



On 12 Jun 2004, Christian Christmann wrote:
> I just checked my /var/log/samba and found
> a bunch of log files:
>
> log.shitbanda      log.familj           
> log.mario-t3psqfw32  log.talentoaa 
> log.syb07	     log.50163099sp
> log.gustavo          log.momerdadd        
> log.rampeiras        ....
>
> If I understand Samba correctly, it creates a separate log file for each
> user who is trying to use my Samba server. But why do I have
> all these files from users I don't know?

As far as I know, Samba used the *machine* name, not the *user* name, by
default for those log files.

> Did these guys try to break into my linux box? 

Maybe, but I suspect not. More likely they were either (a) machine names
you really know, or (b) broadcasts from other people on your LAN.

> If so, how can I recognize if they were successful?

Use tripwire, or the other tools like that which you installed and
configured before anyone could possibly compromise your machine, and for
which you kept secure off-line or read-only databases.

Otherwise, read the logs and hope that you can identify the issue.


Seriously, there really isn't any sure way of determining if someone
broke into your systems successfully other than identifying unusual
behaviour, or having an intrusion detection system in place before the
break-in.


Better to ask where the risks are, remove them, then rebuild the server
from scratch if you are not sure you are safe.

Regards,
        Daniel
-- 
Regard all art critics as useless and dangerous.
        -- Manifesto of the Futurists
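
An added example, not part of the original post: one way to start "reading the logs" is to list the per-machine `log.<machine>` files whose names you do not recognise and note whether the client addresses in them come from outside your LAN. The known-host list, the LAN range, the parenthesised-address line format and the sample directory are assumptions made for this sketch.

```python
import ipaddress
import re
import tempfile
from pathlib import Path

# Assumption: smbd writes the client address in parentheses, e.g.
# "  host (192.168.1.5) connect to service share ...".
IP_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")
DAEMON_LOGS = {"smbd", "nmbd"}  # the daemons' own logs, not client machines

def triage(log_dir, known_machines, lan_cidr):
    """Map each unrecognised log.<machine> file to the client IPs it records."""
    known = {m.lower() for m in known_machines}
    lan = ipaddress.ip_network(lan_cidr)
    report = {}
    for path in sorted(Path(log_dir).glob("log.*")):
        machine = path.name[len("log."):].lower()
        if machine.endswith(".old"):  # rotated copy of the same machine's log
            machine = machine[:-len(".old")]
        if machine in known or machine in DAEMON_LOGS:
            continue
        ips = set()
        for match in IP_RE.finditer(path.read_text(errors="replace")):
            try:
                ips.add(ipaddress.ip_address(match.group(1)))
            except ValueError:  # not a valid address, e.g. "(999.1.1.1)"
                continue
        entry = report.setdefault(machine, {"ips": [], "off_lan": False})
        entry["ips"] = sorted(set(entry["ips"]) | {str(ip) for ip in ips})
        entry["off_lan"] = entry["off_lan"] or any(ip not in lan for ip in ips)
    return report

def build_sample():
    """Constructed sample directory; every name and address is made up."""
    d = Path(tempfile.mkdtemp())
    (d / "log.smbd").write_text("smbd started\n")
    (d / "log.fileserver").write_text("  fileserver (192.168.1.10) connect to service docs\n")
    (d / "log.laptop-x").write_text("  laptop-x (192.168.1.77) connect to service docs\n")
    (d / "log.unknown-pc").write_text("  unknown-pc (203.0.113.7) connect to service IPC$\n")
    (d / "log.unknown-pc.old").write_text("  unknown-pc (192.168.1.200) connect to service IPC$\n")
    return d

if __name__ == "__main__":
    for name, info in triage(build_sample(), ["fileserver"], "192.168.1.0/24").items():
        print(name, info)
```

This only narrows down which logs deserve a closer read; it says nothing about whether a connection attempt succeeded.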


