GuardMode 2024.3

SMB Monitoring (Linux Only)


GuardMode can monitor SMB shares on Linux systems to detect file operations. This feature requires additional configuration and has specific compatibility requirements.

Requirements

  • Linux operating system

  • SMB client version 4.10 or earlier

  • Pre-configured Samba instance

  • Configured rsyslog forwarding

Configuration

The feature is disabled by default. To enable SMB share monitoring:

  1. Configure rsyslog to forward Samba logs to GuardMode Agent.

See also. For details on configuring rsyslog, see Configuring GuardMode Agent for SAMBA setup.

  2. Enable the feature in GuardMode Agent configuration.

Note. The GuardMode agent must be installed on the server hosting the SMB shares for proper monitoring.

Configuring GuardMode Agent for SAMBA setup
GuardMode Agent configuration