Add ClamAV integration and AppArmor configuration for Samba virusfilter support
This commit is contained in:
@@ -6,7 +6,7 @@
|
||||
#
|
||||
# This is the main Samba configuration file. You should read the
|
||||
# smb.conf(5) manual page in order to understand the options listed
|
||||
# here. Samba has a huge number of configurable options most of which
|
||||
# here. Samba has a huge number of configurable options most of which
|
||||
# are not shown in this example
|
||||
#
|
||||
# Some options that are often worth tuning have been included as
|
||||
@@ -18,8 +18,8 @@
|
||||
# enough to be mentioned here
|
||||
#
|
||||
# NOTE: Whenever you modify this file you should run the command
|
||||
# "testparm" to check that you have not made any basic syntactic
|
||||
# errors.
|
||||
# "testparm" to check that you have not made any basic syntactic
|
||||
# errors.
|
||||
|
||||
#======================= Global Settings =======================
|
||||
|
||||
@@ -31,11 +31,11 @@
|
||||
; workgroup = WORKGROUP
|
||||
workgroup = {{ samba_workgroup|default('WORKGROUP') }}
|
||||
|
||||
# Option 'netbios name' added to debian's default smb.conf
|
||||
# Option 'netbios name' added to debian's default smb.conf
|
||||
#
|
||||
# This sets the NetBIOS name by which a Samba server is known. By default it
|
||||
# is the same as the first component of the host's DNS name. If a machine is
|
||||
# a browse server or logon server this name (or the first component of the
|
||||
# a browse server or logon server this name (or the first component of the
|
||||
# hosts DNS name) will be the name that these services are advertised under.
|
||||
#
|
||||
# Note that the maximum length for a NetBIOS name is 15 characters.
|
||||
@@ -46,9 +46,9 @@
|
||||
|
||||
{% if samba_server_min_protocol is defined and samba_server_min_protocol|length > 0 %}
|
||||
|
||||
# This setting controls the minimum protocol version that the server will allow
|
||||
# the client to use. Normally this option should not be set as the automatic
|
||||
# negotiation phase in the SMB protocol takes care of choosing the appropriate
|
||||
# This setting controls the minimum protocol version that the server will allow
|
||||
# the client to use. Normally this option should not be set as the automatic
|
||||
# negotiation phase in the SMB protocol takes care of choosing the appropriate
|
||||
# protocol unless you have legacy clients which are SMB1 capable only.
|
||||
#
|
||||
# See Related command: server max protocol for a full list of available protocols.
|
||||
@@ -69,7 +69,7 @@
|
||||
; interfaces = 127.0.0.0/8 eth0
|
||||
interfaces = {{ samba_server_ip }}/{{ samba_server_cidr_prefix }} 127.0.0.1/8
|
||||
|
||||
# Option 'hosts deny' and 'hosts allow' added to debian's default smb.conf
|
||||
# Option 'hosts deny' and 'hosts allow' added to debian's default smb.conf
|
||||
hosts deny = 0.0.0.0/0
|
||||
hosts allow = 192.168.0.0/16 10.0.0.0/8 127.0.0.0/8
|
||||
|
||||
@@ -80,8 +80,8 @@
|
||||
# option cannot handle dynamic or non-broadcast interfaces correctly.
|
||||
#
|
||||
# Notice:
|
||||
# If bind interfaces only is set and the network address 127.0.0.1 is not added to the
|
||||
# interfaces parameter list smbpasswd(8) may not work as expected due to the reasons
|
||||
# If bind interfaces only is set and the network address 127.0.0.1 is not added to the
|
||||
# interfaces parameter list smbpasswd(8) may not work as expected due to the reasons
|
||||
# covered below.
|
||||
#
|
||||
# Default: bind interfaces only = no
|
||||
@@ -92,7 +92,7 @@
|
||||
|
||||
# This tells Samba to use a separate log file for each machine
|
||||
# that connects
|
||||
; log file = /var/log/samba/log.%m
|
||||
log file = /var/log/samba/log.%m
|
||||
log file = /var/log/samba/%I.log
|
||||
|
||||
# Cap the size of the individual log files (in KiB).
|
||||
@@ -103,13 +103,13 @@
|
||||
# Append syslog@1 if you want important messages to be sent to syslog too.
|
||||
logging = file
|
||||
|
||||
# Option 'log level' added to debian's default smb.conf
|
||||
# Option 'log level' added to debian's default smb.conf
|
||||
#
|
||||
# The value of the parameter (a astring) allows the debug level (logging level) to be
|
||||
# The value of the parameter (a astring) allows the debug level (logging level) to be
|
||||
# specified in the smb.conf file.
|
||||
#
|
||||
# This parameter has been extended since the 2.2.x series, now it allows one to specify
|
||||
# the debug level for multiple debug classes. This is to give greater flexibility in
|
||||
# This parameter has been extended since the 2.2.x series, now it allows one to specify
|
||||
# the debug level for multiple debug classes. This is to give greater flexibility in
|
||||
# the configuration of the system.
|
||||
#
|
||||
# See manpage for implemented debug classes
|
||||
@@ -125,7 +125,7 @@
|
||||
|
||||
####### Authentication #######
|
||||
|
||||
# Option 'ntlm auth' added to debian's default smb.conf
|
||||
# Option 'ntlm auth' added to debian's default smb.conf
|
||||
#
|
||||
# This parameter determines whether or not smbd(8) will attempt to authenticate
|
||||
# users using the NTLM encrypted password response for this local passdb (SAM
|
||||
@@ -167,7 +167,7 @@
|
||||
# Server role. Defines in which mode Samba will operate. Possible
|
||||
# values are "standalone server", "member server", "classic primary
|
||||
# domain controller", "classic backup domain controller", "active
|
||||
# directory domain controller".
|
||||
# directory domain controller".
|
||||
#
|
||||
# Most people will want "standalone server" or "member server".
|
||||
# Running as "active directory domain controller" will require first
|
||||
@@ -197,7 +197,7 @@
|
||||
# to anonymous connections
|
||||
map to guest = bad user
|
||||
|
||||
# Option 'username map' added to debian's default smb.conf
|
||||
# Option 'username map' added to debian's default smb.conf
|
||||
#
|
||||
username map = /etc/samba/users.map
|
||||
|
||||
@@ -206,7 +206,7 @@
|
||||
#
|
||||
# The following settings only takes effect if 'server role = primary
|
||||
# classic domain controller', 'server role = backup domain controller'
|
||||
# or 'domain logons' is set
|
||||
# or 'domain logons' is set
|
||||
#
|
||||
|
||||
# It specifies the location of the user's
|
||||
@@ -235,13 +235,13 @@
|
||||
# password; please adapt to your needs
|
||||
; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
|
||||
|
||||
# This allows machine accounts to be created on the domain controller via the
|
||||
# SAMR RPC pipe.
|
||||
# This allows machine accounts to be created on the domain controller via the
|
||||
# SAMR RPC pipe.
|
||||
# The following assumes a "machines" group exists on the system
|
||||
; add machine script = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u
|
||||
|
||||
# This allows Unix groups to be created on the domain controller via the SAMR
|
||||
# RPC pipe.
|
||||
# RPC pipe.
|
||||
; add group script = /usr/sbin/addgroup --force-badname %g
|
||||
|
||||
############ Misc ############
|
||||
@@ -489,7 +489,13 @@
|
||||
|
||||
# Scan-Zeitpunkt: nur beim Öffnen, nicht beim Schließen
|
||||
virusfilter:scan on open = yes
|
||||
virusfilter:scan on close = no
|
||||
virusfilter:scan on close = yes
|
||||
|
||||
# Fehlercode bei infizierter Datei (beim Öffnen)
|
||||
virusfilter:infected file errno on open = EACCES
|
||||
|
||||
# Fehlercode beim Schließen
|
||||
virusfilter:infected file errno on close = EACCES
|
||||
|
||||
# Timeouts (Millisekunden)
|
||||
virusfilter:connect timeout = 30000
|
||||
|
||||
Reference in New Issue
Block a user