The audit can be tweaked to ignore the read/access and just logs the write/update ? Note # 1: I forgot this: The shared folders are “read only” for all the users except for the administrator group (so there is a potential big problem with samba audit + logs + antivirus)
Because our antivirus seems to kill our NS server, it hits each file (scan) and the audit grows on thousands of records in a few days. Worse, there are none of the user files for daily work, yet.
So, I’m tweaking the AV to ignore the shares, but I still see some access on the “SambaStatus - locked files”. Need to check the filters again.
Some users just keep grabbing some folders, so I fight it changing the folder name (non work), moving the folder inside another folder (not work), so, finally I move the files from the folder to a new folder on the shared one, the AV don’t see the files and let it go. Then I delete the empty folders, recreate the needed one and move the files again. The user/AV is tamed for now. Let’s see in the next days.
And yes the shared folder is hidden, but as we know the name of the shared folder we can use it and install our programs… isn’t a problem, we are the ‘demi-gods’ of IT here we need to know that shared folder names.
Hello! sorry reply on an old post. But i need to ask: How Can I have this interface? Where can I manage locked files and Machines Joined Domain on Nethserver UI?
That’s part of SambaStatus community module, but if you are using the new server-manager, based on cockpit, some of its features are already integrated:
