
Samba logs: firewall problem?



Hello,

Looking at the files on my server in /var/log/samba, I noticed that several
log files were present:

[root@kayak]:/var/log/samba # ls -l -st
total 804
  0 -rw-r--r-- 1 root root      0 2008-07-24 06:28 log.nmbd
200 -rw-r--r-- 1 root root 196849 2008-07-23 09:47 log.voile
  4 -rw-r--r-- 1 root root    311 2008-07-23 09:15 log.nmbd.1.gz
  4 -rw-r--r-- 1 root root   1760 2008-07-23 09:14 log.smbd
 16 -rw-r--r-- 1 root root  14946 2008-07-22 14:08 log.192.168.0.1
 36 -rw-r--r-- 1 root root  34086 2008-07-21 17:24 log.192.168.0.248
  8 -rw-r--r-- 1 root root   6707 2008-07-21 14:35 log.luge
 40 -rw-r--r-- 1 root root  37906 2008-07-13 15:33 log.192.168.0.229
  4 -rw-r--r-- 1 root root    219 2008-07-13 15:14 log.smbd.1.gz
  4 -rw-r--r-- 1 root root    331 2008-07-12 20:39 log.smbd.2.gz
  4 -rw-r--r-- 1 root root    400 2008-07-11 19:22 log.nmbd.2.gz
 64 -rw-r--r-- 1 root root  59086 2008-07-05 16:00 log.192.168.0.4
  4 -rw-r--r-- 1 root root    192 2008-06-29 06:28 log.smbd.3.gz
  4 -rw-r--r-- 1 root root    335 2008-06-27 16:52 log.smbd.4.gz
  4 -rw-r--r-- 1 root root    323 2008-06-22 19:14 log.nmbd.3.gz
  4 -rw-r--r-- 1 root root    270 2008-06-17 21:14 log.smbd.5.gz
  4 -rw-r--r-- 1 root root    310 2008-06-09 11:49 log.nmbd.4.gz
  4 -rw-r--r-- 1 root root    237 2008-06-09 11:43 log.smbd.6.gz
  4 -rw-r--r-- 1 root root    331 2008-06-06 20:23 log.nmbd.5.gz
  4 -rw-r--r-- 1 root root    348 2008-06-06 20:17 log.smbd.7.gz
 40 -rw-r--r-- 1 root root  38362 2008-06-01 21:42 log.75.36.1.250
  4 -rw-r--r-- 1 root root    426 2008-05-31 15:28 log.nmbd.6.gz
  0 -rw-r--r-- 1 root root      0 2008-05-24 00:38 log.66.136.89.119
  0 -rw-r--r-- 1 root root      0 2008-05-23 17:01 log.213.154.72.196
  0 -rw-r--r-- 1 root root      0 2008-05-22 17:02 log.168.243.179.36
  4 -rw-r--r-- 1 root root    342 2008-05-12 13:52 log.nmbd.7.gz
  0 -rw-r--r-- 1 root root      0 2008-04-03 16:10 log.69.66.26.5
  0 -rw-r--r-- 1 root root      0 2008-04-01 06:18 log.220.191.255.66
  0 -rw-r--r-- 1 root root      0 2008-03-28 01:32 log.85.207.119.248
  4 -rw-r--r-- 1 root root    148 2008-03-21 11:52 log.75.154.254.62

voile and luge are my clients on the 192.168.* network.

But the others... How is it that these files are generated by Samba, given
that my netfilter script does not allow the Samba ports to be opened? Samba
is normally invisible and forbidden from the outside!

For information, the contents of some of the logs:
[root@kayak]:/var/log/samba # head log.caisse log.75.154.254.62 log.75.36.1.250
==> log.caisse <==
[2008/03/21 11:50:05, 0] lib/util_sock.c:read_data(534)
  read_data: read failure for 4 bytes to client 193.253.192.206. Error = Connection timed out

==> log.75.154.254.62 <==
[2008/03/21 11:52:32, 0] lib/util_sock.c:read_data(534)
  read_data: read failure for 4 bytes to client 75.154.254.62. Error = Connection timed out

==> log.75.36.1.250 <==
[2008/05/31 18:30:49, 0] smbd/service.c:make_connection(1111)
  75.36.1.250 (75.36.1.250) couldn't find service admin$
[2008/05/31 18:30:49, 0] smbd/service.c:make_connection(1111)
  75.36.1.250 (75.36.1.250) couldn't find service admin$
[2008/05/31 18:30:50, 0] smbd/service.c:make_connection(1111)
  75.36.1.250 (75.36.1.250) couldn't find service admin$
[2008/05/31 18:30:50, 0] smbd/service.c:make_connection(1111)
  75.36.1.250 (75.36.1.250) couldn't find service admin$
[2008/05/31 18:30:50, 0] smbd/service.c:make_connection(1111)
  75.36.1.250 (75.36.1.250) couldn't find service c$

I checked my firewall using Shields Up
(https://www.grc.com/x/ne.dll?rh1dkyd2) and only ports 80 and 22 are
open.

Where could these Samba logs be coming from?

-- 
Michel Grentzinger
	OpenPGP key ID : B2BAFAFA
		Available on http://www.keyserver.net
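
A small triage script for the situation described in this post, added here as an example and not part of the original message: it picks out per-client logs named after non-private IP addresses and counts the failed share lookups recorded in them. The function names are illustrative, and the inputs are file names and the log excerpt quoted above.

```python
import ipaddress
import re
from collections import Counter

# File names copied from the ls listing in the post (subset).
SAMPLE_NAMES = ["log.nmbd", "log.voile", "log.smbd.1.gz", "log.192.168.0.1",
                "log.luge", "log.75.36.1.250", "log.66.136.89.119",
                "log.75.154.254.62"]

# Excerpt of log.75.36.1.250 as quoted in the post.
SAMPLE_LOG = """\
[2008/05/31 18:30:49, 0] smbd/service.c:make_connection(1111)
  75.36.1.250 (75.36.1.250) couldn't find service admin$
[2008/05/31 18:30:49, 0] smbd/service.c:make_connection(1111)
  75.36.1.250 (75.36.1.250) couldn't find service admin$
[2008/05/31 18:30:50, 0] smbd/service.c:make_connection(1111)
  75.36.1.250 (75.36.1.250) couldn't find service admin$
[2008/05/31 18:30:50, 0] smbd/service.c:make_connection(1111)
  75.36.1.250 (75.36.1.250) couldn't find service admin$
[2008/05/31 18:30:50, 0] smbd/service.c:make_connection(1111)
  75.36.1.250 (75.36.1.250) couldn't find service c$
"""

PROBE = re.compile(r"^\s+\S+ \(([\d.]+)\) couldn't find service (\S+)\s*$")

def external_clients(names):
    """Return the non-private IPs found in per-client log names (log.<ip>)."""
    found = []
    for name in names:
        suffix = name[4:] if name.startswith("log.") else ""
        try:
            ip = ipaddress.ip_address(suffix)
        except ValueError:
            continue  # log.smbd, log.nmbd, host-named and rotated logs
        if not (ip.is_private or ip.is_loopback or ip.is_link_local):
            found.append(ip)
    return [str(ip) for ip in sorted(found)]

def share_probes(log_text):
    """Count failed share lookups per (client IP, share name)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = PROBE.match(line)
        if m:
            hits[m.groups()] += 1
    return hits

if __name__ == "__main__":
    print("logs named after public IPs:", external_clients(SAMPLE_NAMES))
    for (ip, share), n in share_probes(SAMPLE_LOG).items():
        print(f"{ip} asked for missing share {share!r} {n} time(s)")
```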

