Linux Samba Server, best practices: Security, Monitoring, Reliability

[abstractalgebra]

What are the best practices for a small scale business Centos7 samba server vm (5 users, ~15GB, Win10 Clients, files/lightweight pos/quickbooks)?
I tested New Relic's free server monitoring, although it broke after just one day reporting the servers are offline.
How would you setup basic monitoring of file-system health, free space, security updates not applied, 20% of files deleted,...? What else do you do or recommend?

• Centos 7, minimal install, yum update
  
• install ntp nano samba
• harden ssh for administration using this guide.
• no root login, ssh key login only, ecc ed25519 only, ...

Planning Cloudberry for linux backup to S3 and google drive
Local Backup:
7z archive of changed files every hour, kept for a rolling 2w.
7z rolling archives named each day of the month
7z rolling archives named each month
Daily mirror of files to separate PC, daily 1w full backups, 3m full backups

As I type this all out ZFS and scrubs would be great but does that make more sense?

 

[Evan]

From a security point of view disable netbios.
Are you using a domain ? That's always and Attack vector.
Configured PAM for authentication ?

Do you really need any special share monitoring as compared to normal server monitoring ?

 

[abstractalgebra]

Yes good idea. I can remove netbios, so samba only works on port 445. I was not planning on using a samba domain given the environment is so small. I'll write a powershell /ssh script to change the passwords so each username is synchronized on each PC. With only 3 users (5 pcs) is having a centralized domain benifical? They have run off a WinXP quasi-file-server for a decade. However, willing to consider if it make sense.

The share monitoring idea was just something that would be nice to notify the owner and I to make sure we did not have a big accidental or malicious deletion of data. Perhaps a simple script that emails about backup failures and/or big sudden changes in the amount of data.