Open question on security and 2.0.6
Henri J. Schlereth
henris at neandertal.org
Fri Feb 18 08:06:10 GMT 2000
I was working on a configuration issue on my smb.conf and was looking
thru log.smb to find any error messages. While I did that (and fixed
that particular problem BTW) I came across the following:
log.smb: Connection denied from 210.8.103.146
log.smb: Connection denied from 206.222.222.3
This would indicate to me that someone was trying to access
smbd across the Internet. Now I have all kinds of lovely little
breadcrumb traps that not only deny access to other processes and
ports but also send me a kind little warning email that someone
has been nosing around my system.
But this sort of thing has evidently escaped me for some time.
I understand I could get this logged to syslog as well but that
doesn't give me any notification that something is going on. I could
also write a cron job that scans these files but why isn't there
some sort of alarm flag raised? The host allow/deny stuff is set
to where no one can get in and samba is bound only to interfaces
internally.
Any other suggestions?
Henri J. Schlereth
--
-------------------------------------------------------------
"All data leaves a trail. The search for data leaves a trail.
The erasure of data leaves a trail. The absence of data, under
the right circumstances, can leave the clearest trail of all-
Dr Kio Masada"
-------------------------------------------------------------
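
The cron-job scan mentioned in the post could look like the following. This is an added example, not part of the original message and not Samba code. It matches only the "Connection denied from" text quoted in the post; the function names, the offset state file and the sample addresses are assumptions made for illustration.

```python
import os
import re
import sys
import tempfile
from collections import Counter

# Message text as quoted in the post; no other part of the line layout is assumed.
DENIED = re.compile(r"Connection denied from (\S+)")
# Constructed sample input (documentation addresses, not real log data).
SAMPLE = "".join(f"Connection denied from {a}\n"
                 for a in ("192.0.2.10", "198.51.100.7", "192.0.2.10"))

def scan_new_denials(log_path, state_path):
    """Count denied addresses logged since the previous run."""
    try:
        with open(state_path) as f:
            offset = int(f.read())
    except (FileNotFoundError, ValueError):
        offset = 0
    if offset > os.path.getsize(log_path):
        offset = 0  # log was rotated or truncated: start over
    with open(log_path, "rb") as log:
        log.seek(offset)
        data = log.read()
    end = data.rfind(b"\n") + 1  # consume complete lines only
    counts = Counter(DENIED.findall(data[:end].decode("utf-8", "replace")))
    with open(state_path + ".tmp", "w") as f:
        f.write(str(offset + end))
    os.replace(state_path + ".tmp", state_path)  # atomic offset update
    return counts

def format_alert(counts, log_path):
    """Report text, or '' when nothing new was logged."""
    if not counts:
        return ""
    head = f"{sum(counts.values())} denied connection(s) in {log_path}:"
    return "\n".join([head] + [f"  {a}  x{n}" for a, n in counts.most_common()])

if __name__ == "__main__":
    if len(sys.argv) == 3:  # cron use: LOGFILE STATEFILE
        log_path, state_path = sys.argv[1:]
    else:  # no arguments: demonstrate on the constructed sample
        log_path = os.path.join(tempfile.mkdtemp(), "log.smb")
        state_path = log_path + ".offset"
        with open(log_path, "w") as f:
            f.write(SAMPLE)
    report = format_alert(scan_new_denials(log_path, state_path), log_path)
    if report:
        print(report)  # cron mails a job's output to its owner
```

Because the script prints nothing when no new denials were logged, a cron entry running it every few minutes produces mail only when something has been refused.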