Configuring GuardMode Agent for SAMBA setup

Before configuring the GuardMode Agent for SAMBA, it's crucial to ensure the system's configuration is in its initial state, especially for SAMBA VFS Full Audit, journald, and rsyslog.

The GuardMode Agent uses the VFS Full Audit module to monitor SAMBA share events. If you've customized this module for other purposes, contact support to check if it can be shared with the GuardMode Agent.

Tip. After installing the GuardMode Agent, avoid altering the SAMBA VFS Full Audit module configuration until it's removed.

Journald configuration

For journald, the SAMBA configuration script will set the following parameters:

  • RateLimitIntervalSec="10"

  • RateLimitBurst="20000"

There are no other specific requirements for journald configuration.

Rsyslog configuration

The GuardMode Agent uses the local5.debug selector to transfer data between SAMBA and rsyslog. The configuration script automatically changes any existing use of this selector to local5.info. It also rewrites local5.* to local5.*;local5.!=debug and *.* to *.*;local5.!=debug so that those selectors exclude local5.debug.

Tip. If you need the local5.debug selector for other purposes, you can configure SAMBA and rsyslog to use a different selector. In that case, contact support for assistance.

Network configuration

The GuardMode Agent uses the local TCP port 65432 for data transfer between rsyslog and the Agent. This port must be open for the Agent to operate correctly. If you need to use a different TCP port, consult support on configuring rsyslog and the GuardMode Agent accordingly.

Changes to the OS Configuration During SAMBA Setup

During the SAMBA configuration for the GuardMode Agent, several modifications are made to the operating system:

  • SAMBA Configuration: The script modifies /etc/samba/smb.conf. For SAMBA versions 14.13 or below, it also modifies any other files included in smb.conf where shares are defined. Additionally, the script adds /etc/samba/catalogic.audit.conf.

  • journald Configuration: The script adds a new file, /etc/systemd/journald.conf.d/99-catalogic.conf to configure journald.

  • rsyslogd Configuration: The script modifies /etc/rsyslog.conf and any configuration files in /etc/rsyslog.d/. It also adds /etc/rsyslog.d/catalogic.cfg.

Configuring SAMBA for the GuardMode Agent

Attention! You should only run the configure_smb.sh script after setting up SAMBA and executing install.sh or upgrade.sh.

To configure SAMBA (along with journald and rsyslog) for the GuardMode Agent, run the SAMBA configuration script using:

./smb/configure_smb.sh

Tip. For RHEL systems, the configuration script adds the following record to the SELinux policy:

semanage port -a -t syslogd_port_t -p tcp 65432
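
To confirm the changes listed on this page after running configure_smb.sh, the following read-only check is an added example, not part of the GuardMode Agent or its scripts. It assumes legacy-format rsyslog selector lines and that the Agent's own local5.debug rule lives only in /etc/rsyslog.d/catalogic.cfg; the function names, the script name in the comment, and the --run argument are hypothetical.

```shell
#!/bin/sh
# Added example: read-only check of the OS changes this page lists.
# Pass a root prefix to audit a copied tree; empty means the live system.

# Files the page says the configuration script adds.
missing_files() {
    for p in /etc/samba/catalogic.audit.conf \
             /etc/systemd/journald.conf.d/99-catalogic.conf \
             /etc/rsyslog.d/catalogic.cfg; do
        [ -f "${1:-}$p" ] || echo "$p"
    done
}

# journald drop-in carries the two documented rate-limit values (quotes optional).
journald_ok() {
    f="${1:-}/etc/systemd/journald.conf.d/99-catalogic.conf"
    [ -f "$f" ] &&
        grep -Eq '^[[:space:]]*RateLimitIntervalSec="?10"?[[:space:]]*$' "$f" &&
        grep -Eq '^[[:space:]]*RateLimitBurst="?20000"?[[:space:]]*$' "$f"
}

# Print legacy-format rsyslog rules whose selector would still match local5.debug.
# Assumption: the Agent's own rule lives only in rsyslog.d/catalogic.cfg, so it is skipped.
leftover_selectors() {
    for f in "${1:-}/etc/rsyslog.conf" "${1:-}"/etc/rsyslog.d/*; do
        [ -f "$f" ] || continue
        [ "${f##*/}" = "catalogic.cfg" ] && continue
        awk -v file="$f" '
            /^[ \t]*(#|$)/ { next }    # comments and blank lines
            {
                sel = $1               # selector is the first field of a rule
                if (sel ~ /local5\.debug/ ||
                    (sel ~ /(local5|\*)\.\*/ && sel !~ /local5\.!=debug/))
                    print file ": " $0
            }' "$f"
    done
}

verify_setup() {
    rc=0
    m=$(missing_files "${1:-}"); [ -z "$m" ] || { echo "missing: $m"; rc=1; }
    journald_ok "${1:-}" || { echo "journald rate limits differ from the documented values"; rc=1; }
    l=$(leftover_selectors "${1:-}")
    [ -z "$l" ] || { echo "selectors still matching local5.debug:"; echo "$l"; rc=1; }
    return $rc
}

# Run only when asked, e.g.: sh check_guardmode_samba.sh --run [ROOT]
if [ "${1:-}" = "--run" ]; then verify_setup "${2:-}"; fi
```

A non-zero exit status means at least one documented change is missing or an rsyslog rule would still receive the Agent's local5.debug traffic.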