How I Built a Secure, Cost-Effective File Server Using CentOS and Samba
- Mohammad Zuhaib
- Jul 24
Updated: Aug 11
Introduction
In many organizations, secure file storage comes with high licensing costs and dependency on domain infrastructure. My challenge was to design a solution that ensured full data security, complete audit trails, and zero licensing costs—all without a domain setup. This post details how I achieved it using CentOS Linux, Samba, and a research-driven approach.
System Overview

A simple architecture diagram showing:
CentOS file server in the center
Connected clients on the right
Audit log module tracking all file operations
Backup destination (optional)
Secure access controls in place
Why CentOS and Samba?
CentOS Linux offers stability, enterprise-grade security, and is free to use. Samba enables cross-platform file sharing with granular control. Together, they allowed me to build a robust, scalable, and low-maintenance system.
The Research Process
Before implementation, I conducted targeted research:
Explored open-source alternatives to paid domain-based file servers.
Evaluated Samba’s full_audit module for tracking every file operation.
Reviewed community forums, GitHub discussions, and Samba documentation to refine configuration options.
This research phase was key—by systematically testing configurations in a controlled environment, I avoided costly trial-and-error during production deployment.
Implementation Highlights
Server Setup: Installed CentOS Linux and configured network parameters.
Samba Installation: Set up shares with precise permissions per department.
Audit Logging: Enabled full_audit to log every file read, write, and delete operation.
Security Measures: Integrated with firewall rules and restricted access by IP.
Backup Policy: Linked to an offsite backup target using rsync.
Sample Audit Log Entry:
[2025/02/10 15:24:13.120000, 2] full_audit: connect to [Finance] as user=finance_mgr
[2025/02/10 15:25:41.083000, 2] full_audit: open file /reports/Q1_2025.xlsx
This format allows quick traceability of file actions, meeting compliance and security requirements.
System Requirements
Hardware: 1 server machine (with at least 8 GB RAM and a decent CPU)
Operating System: CentOS 6 or 7
Software: Samba, auditd, nano/vim text editor
Client Machines: Windows PCs (mostly using Home Edition, not Professional)
Step-by-Step Deployment Guide
Install CentOS
Download CentOS ISO and install it on the server hardware.
Perform basic setup (hostname, static IP, root password).
Install Samba
sudo yum install samba samba-common samba-client
Configure Shared Folders with IP-based Restrictions
First, configure DHCP reservations for each client using MAC addresses.
Then, set up the Samba configuration file (/etc/samba/smb.conf) to restrict access per IP address.
[accounts]
path = /srv/accounts
valid users = @accounts
hosts allow = 192.168.1.10
read only = no
Enable Samba Auditing
Add the audit module to smb.conf (with full_audit:failure = none, only successful operations are recorded):
vfs objects = full_audit
full_audit:prefix = %u|%I|%m|%S
full_audit:success = open, unlink, rename
full_audit:failure = none
full_audit:facility = LOCAL7
full_audit:priority = NOTICE
Restart Samba Services
systemctl restart smb
systemctl restart nmb
Understanding the Audit Logs
Once implemented, the audit log records every file activity like this:
zuhaib|192.168.1.10|PC1|accounts|open file.txt
This helped us trace who accessed, copied, deleted, or renamed files—with timestamps and source IP.
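To turn these records into something reviewable, the sketch below (an added example, not part of the original deployment) splits each line on the %u|%I|%m|%S prefix and reports any user/IP/share that performed several unlink or rename operations. It assumes syslog lines carry the ident "smbd_audit: " and that the module writes the operation as "|result|arguments" after the prefix; the sample lines, host name, second user and file names are constructed.

```python
import re
from collections import Counter

# Field order follows the page's setting: full_audit:prefix = %u|%I|%m|%S
PREFIX_FIELDS = ("user", "ip", "machine", "share")
# Of the operations the page audits, these remove or move data.
DESTRUCTIVE = {"unlink", "rename"}

def parse_record(line):
    """Return one audit record as a dict, or None if the line is not a record."""
    # Assumption: when syslog adds a header, it ends with the ident "smbd_audit: ".
    payload = line.strip().split("smbd_audit: ", 1)[-1]
    # Split only on the prefix separators so a '|' inside a file name survives.
    parts = payload.split("|", len(PREFIX_FIELDS))
    if len(parts) != len(PREFIX_FIELDS) + 1:
        return None
    # The operation is followed by a space (the page's sample) or by
    # "|result|arguments" (assumed layout of the module's own output).
    m = re.match(r"([a-z_0-9]+)[ |](.*)$", parts[-1])
    if not m:
        return None
    record = dict(zip(PREFIX_FIELDS, parts))
    record["op"], record["detail"] = m.group(1), m.group(2)
    return record

def destructive_bursts(lines, threshold=3):
    """Map (user, ip, share) to its unlink/rename count when >= threshold."""
    counts = Counter()
    for line in lines:
        rec = parse_record(line)
        if rec and rec["op"] in DESTRUCTIVE:
            counts[(rec["user"], rec["ip"], rec["share"])] += 1
    return {key: n for key, n in counts.items() if n >= threshold}

# Constructed sample lines; host "fs1", user "sara", share "hr" and file names are made up.
SAMPLE = [
    "zuhaib|192.168.1.10|PC1|accounts|open file.txt",
    "Feb 10 15:26:02 fs1 smbd_audit: zuhaib|192.168.1.10|PC1|accounts|unlink|ok|a.txt",
    "Feb 10 15:26:03 fs1 smbd_audit: zuhaib|192.168.1.10|PC1|accounts|unlink|ok|b|c.txt",
    "Feb 10 15:26:04 fs1 smbd_audit: zuhaib|192.168.1.10|PC1|accounts|rename|ok|d.txt|e.txt",
    "Feb 10 15:27:10 fs1 smbd_audit: sara|192.168.1.11|PC2|hr|unlink|ok|f.txt",
    "[2025/02/10 15:24:13.120000, 2] full_audit: connect to [Finance] as user=finance_mgr",
]

if __name__ == "__main__":
    for key, n in destructive_bursts(SAMPLE).items():
        print(key, n)
```

The threshold of 3 is only a starting value for the sample; tune it to the normal delete and rename volume on each share.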
Impact & Benefits
Zero Licensing Cost: Entire solution based on open-source stack.
Complete Traceability: Every file access logged for security audits.
Performance Gains: Faster response times compared to prior shared drives.
Operational Security: Controlled access reduced accidental or malicious file changes.
Scalability: Easily expandable to additional departments or offices.
Challenges & Solutions
Challenge: Samba audit logs were initially too verbose.
Solution: Filtered specific operations to avoid log bloat while retaining essential tracking.
Challenge: Training staff to use secure file access.
Solution: Delivered step-by-step guides and held training sessions.
Final Recommendations
This project not only demonstrated the value of open-source innovation but also reinforced the importance of applying methodical research to deliver secure, cost-effective infrastructure. The solution became a practical reference for later deployments in cross-border, high-security environments, including defense research operations.
Knowledge-Sharing Call-to-Action
I share this implementation so that small and medium-sized organizations—especially those constrained by licensing budgets—can confidently deploy secure, auditable file storage without costly infrastructure.
If you have questions or want to adapt this for your own environment, feel free to reach out via my website.

