[Samba] Problem with SAMBA

Christoph Scheeder christoph.scheeder at scheeder.de
Wed Jun 16 16:38:57 GMT 2004


Err,
i think this is not a samba question, it is a security question.
But anyhow:

R U N ,
not walk to your box and set up a firewall on your system not
letting smb-shares to the internet and you should be fine for the
first moment. Then install chkrootkit on that box and run it.
I guess it will at least find one rootkit installed.
i accidently had a minimal debian box a few days running on an adsl-link
without firewall and it was rootkitted the first day it ran.
setting hosts.deny is far far away from making your debian/linux box
secure if it has an internet-connection.
Christoph

Rodrigo Haces schrieb:

> Hi, i have a debian box connected to internet by ADSL, in that box i share
> internet to all my local network, i also have to share 3 directories with
> samba with full read/write permissions.
> 
> my hosts.deny is ALL:ALL and my hosts.allow is ALL:127. AND ALL:192.168.0.
> so that i only accept connections from inside my local network.
> 
> Here is the problem, i cannot ask for a password to let them write in my
> directories because im using them as a database location so that my CRM
> application connects there, but with this, intruders from outside my network
> can write virus programs (And are actually doing it, writing a Xi.exe
> program). So, how can i prevent this? here is my smb.conf:
> 
> [global]
>         log file = /var/log/samba/log.%m
>         passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
> *Retype\snew\sUNIX\spassword:* %n\n
>         socket options = TCP_NODELAY
>         obey pam restrictions = yes
>         null passwords = yes
>         encrypt passwords = true
>         passdb backend = tdbsam guest
>         passwd program = /usr/bin/passwd %u
>         dns proxy = no
>         netbios name = Servidor
>         server string = %h server (Samba %v)
>         invalid users = root
>         workgroup = infosys
>         debug level = 0
>         os level = 20
>         syslog = 0
>         security = share
>         panic action = /usr/share/samba/panic-action %d
>         max log size = 1000
> 
> [bitacora]
>        writeable = yes
>        public = yes
>        path = /files/bitacora
> 
> 
> [comun]
>        writeable = yes
>        public = yes
>        path = /files/comun
> 
> [admivi]
>         writeable = yes
>         public = yes
>         path = /files/admivi
> 
> Thank in advanced
> Rodrigo
> 



More information about the samba mailing list