diff options
| author | Gary Lockyer <gary@catalyst.net.nz> | 2018-12-19 09:08:22 +1300 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2018-12-21 22:16:09 +0100 |
| commit | 87a8325a0d511ec2177ef501828b50deb0ce50b9 (patch) | |
| tree | d81a9ff74551cd6415e04af6f30a471473b6f365 /WHATSNEW.txt | |
| parent | b99b51400c3e3e40b848d57d01f67b8d72d772b5 (diff) | |
| download | samba-87a8325a0d511ec2177ef501828b50deb0ce50b9.tar.gz | |
s4 group_audit: Add Windows Event Id's to Group membership changes
Generate a GroupChange event when a user is created with a PrimaryGroup
membership. Log the windows event id in the JSON GroupChange message.
Event Id's supported are:
4728 A member was added to a security enabled global group
4729 A member was removed from a security enabled global
group
4732 A member was added to a security enabled local group
4733 A member was removed from a security enabled local group
4746 A member was added to a security disabled local group
4747 A member was removed from a security disabled local group
4751 A member was added to a security disabled global group
4752 A member was removed from a security disabled global
group
4756 A member was added to a security enabled universal
group
4757 A member was removed from a security enabled universal
group
4761 A member was added to a security disabled universal
group
4762 A member was removed from a security disabled universal
group
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'WHATSNEW.txt')
| -rw-r--r-- | WHATSNEW.txt | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 6698b09d8bc..5f237713015 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -118,17 +118,39 @@ type "logonType". The supported event codes and logon types are: 2 Interactive 3 Network 8 NetworkCleartext + The version number for Authentication messages is now 1.1, changed from 1.0 Password change messages now contain the Windows Event Id "eventId", the supported event Id's are: 4723 Password changed 4724 Password reset + The version number for PasswordChange messages is now 1.1, changed from 1.0 +Group membership change messages now contain the Windows Event Id "eventId", +the supported event Id's are: + 4728 A member was added to a security enabled global group + 4729 A member was removed from a security enabled global group + 4732 A member was added to a security enabled local group + 4733 A member was removed from a security enabled local group + 4746 A member was added to a security disabled local group + 4747 A member was removed from a security disabled local group + 4751 A member was added to a security disabled global group + 4752 A member was removed from a security disabled global group + 4756 A member was added to a security enabled universal group + 4757 A member was removed from a security enabled universal group + 4761 A member was added to a security disabled universal group + 4762 A member was removed from a security disabled universal group + + +The version number for GroupChange messages is now 1.1, changed from 1.0. Also +A GroupChange message is generated when a new user is created to log that the +user has been added to their primary group. + The leading "JSON <message type>:" and source file prefix of the JSON formatted log entries has been removed to make the parsing of the JSON log messages -easier. JSON log entries now start with 2 spaces folowed by an opening brace +easier. JSON log entries now start with 2 spaces followed by an opening brace i.e. " {" |