[Samba] Problem with SAMBA
Christoph Scheeder
christoph.scheeder at scheeder.de
Wed Jun 16 16:38:57 GMT 2004
Err,
I think this is not a samba question, it is a security question.
But anyhow:
R U N ,
not walk to your box and set up a firewall on your system not
letting smb-shares to the internet and you should be fine for the
first moment. Then install chkrootkit on that box and run it.
I guess it will at least find one rootkit installed.
I accidentally had a minimal Debian box a few days running on an ADSL link
without firewall and it was rootkitted the first day it ran.
Setting hosts.deny is far far away from making your Debian/Linux box
secure if it has an internet connection.
Christoph
Rodrigo Haces schrieb:
> Hi, I have a Debian box connected to the internet by ADSL; on that box I share
> internet to all my local network. I also have to share 3 directories with
> samba with full read/write permissions.
>
> My hosts.deny is ALL:ALL and my hosts.allow is ALL:127. AND ALL:192.168.0.
> so that I only accept connections from inside my local network.
>
> Here is the problem: I cannot ask for a password to let them write in my
> directories because I'm using them as a database location so that my CRM
> application connects there, but with this, intruders from outside my network
> can write virus programs (and are actually doing it, writing a Xi.exe
> program). So, how can I prevent this? Here is my smb.conf:
>
> [global]
> log file = /var/log/samba/log.%m
> passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
> *Retype\snew\sUNIX\spassword:* %n\n
> socket options = TCP_NODELAY
> obey pam restrictions = yes
> null passwords = yes
> encrypt passwords = true
> passdb backend = tdbsam guest
> passwd program = /usr/bin/passwd %u
> dns proxy = no
> netbios name = Servidor
> server string = %h server (Samba %v)
> invalid users = root
> workgroup = infosys
> debug level = 0
> os level = 20
> syslog = 0
> security = share
> panic action = /usr/share/samba/panic-action %d
> max log size = 1000
>
> [bitacora]
> writeable = yes
> public = yes
> path = /files/bitacora
>
>
> [comun]
> writeable = yes
> public = yes
> path = /files/comun
>
> [admivi]
> writeable = yes
> public = yes
> path = /files/admivi
>
> Thanks in advance
> Rodrigo
>
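
An added example, not part of the original thread: a small audit that reads an smb.conf and reports every share that is both guest-accessible and writable while nothing in smb.conf itself limits who can reach it (Samba's `hosts allow`, or `interfaces` together with `bind interfaces only`). The helper names and the trimmed sample configuration are constructed for illustration.

```python
import configparser

# Samba folds case and spaces in parameter names; synonyms are listed folded.
GUEST = ("public", "guestok")
WRITE = ("writeable", "writable", "writeok")
ALLOW = ("hostsallow", "allowhosts")

# Constructed sample: a trimmed copy of the smb.conf quoted in this thread.
SAMPLE = """\
[global]
security = share
null passwords = yes
workgroup = infosys

[bitacora]
writeable = yes
public = yes
path = /files/bitacora

[comun]
writeable = yes
public = yes
path = /files/comun
"""

def fold(section):
    """Normalise parameter names (case, inner spaces) and values (case)."""
    return {k.replace(" ", "").lower(): v.strip().lower() for k, v in section.items()}

def enabled(params, names):
    return any(params.get(n) in ("yes", "true", "1") for n in names)

def audit(text):
    """Return (share, finding) pairs for guest-writable shares lacking network limits."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    glob = fold(cp["global"]) if cp.has_section("global") else {}
    findings = []
    for name in cp.sections():
        params = {**glob, **fold(cp[name])}  # share settings override [global]
        if name.lower() == "global" or not (enabled(params, GUEST) and enabled(params, WRITE)):
            continue
        if not any(params.get(n) for n in ALLOW):
            findings.append((name, "no hosts allow"))
        if not (enabled(glob, ("bindinterfacesonly",)) and glob.get("interfaces")):
            findings.append((name, "smbd not bound to specific interfaces"))
    return findings

if __name__ == "__main__":
    for share, finding in audit(SAMPLE):
        print(f"{share}: {finding}")
```

An empty result only means the smb.conf-level limits are present; it does not replace the packet filter recommended in the reply above.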