[Samba] Nessus - SMB Use Host SID to Enumerate Local Users Without Credentials
Edouard Guigné
eguigne at pasteur-cayenne.fr
Thu Dec 3 16:47:41 UTC 2020
Hello,
I tested my Samba share with Nessus, and I found:
"Using the host security identifier (SID), Nessus was able to enumerate
local users on the remote Windows system, without credentials."
My Samba version is 4.10.16.
The samba server is configured as domain member (not AD), in order to
serve only files.
Is there a way to improve that security point?
Result of testparm:
# Global parameters
[global]
	client min protocol = SMB2
	client signing = required
	disable spoolss = Yes
	domain master = No
	kerberos method = secrets and keytab
	load printers = No
	local master = No
	log file = /var/log/samba/%m.log
	preferred master = No
	printcap name = /dev/null
	realm = XXXX.XXXX.XX
	security = ADS
	server min protocol = SMB2_02
	server signing = required
	winbind nss info = rfc2307
	winbind use default domain = Yes
	workgroup = XXXX
	idmap config ipgad : unix_primary_group = yes
	idmap config ipgad : unix_nss_info = yes
	idmap config ipgad : range = 10000 - 14999
	idmap config ipgad : schema_mode = rfc2307
	idmap config ipgad : backend = ad
	idmap config * : range = 15000-99999
	idmap config * : backend = tdb
	cups options = raw
	hosts allow = 127. 10.9.x.
	hosts deny = 10.9.x.
	map acl inherit = Yes
	use sendfile = Yes
	vfs objects = acl_xattr

[groups]
	comment = mysmbserver
	path = /var/datashared
	read only = No
	valid users = "@IPGAD\utilisateurs du domaine"
	vfs objects = acl_xattr streams_xattr shadow_copy2
	shadow:format = daily_%Y.%m.%d-%H.%M.%S
	shadow:localtime = yes
	shadow:sort = desc
	shadow:basedir = /var/datashared
	shadow:snapdir = /data/datashared/snapshots

[homes]
	browseable = No
	comment = Home Directories
	create mask = 0700
	directory mask = 0700
	hide files = /~*.tmp/profile/desktop.ini/~$*/
	path = /home
	read only = No
	valid users = %S

[printers]
	browseable = No
	comment = All Printers
	create mask = 0600
	path = /var/tmp
	printable = Yes

[print$]
	comment = Printer Drivers
	create mask = 0664
	directory mask = 0775
	path = /var/lib/samba/drivers
	write list = root
Best regards,
Ed
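Added example (not part of the original message and not Samba project code): a small POSIX shell check that reads testparm-style output and reports whether the [global] section sets `restrict anonymous = 2`. In Samba, `restrict anonymous` (default 0) governs anonymous access to the SAMR and LSA RPC services that host-SID user enumeration relies on, and `testparm -s` omits parameters left at their default, so a missing line means the default applies. The two configurations embedded below are constructed for the demonstration; the function name and the variable names are this example's own.

```shell
#!/bin/sh
# Audit a testparm-style Samba configuration for "restrict anonymous".
# Reads the configuration on stdin, returns 0 when [global] sets
# "restrict anonymous = 2", 1 otherwise.  Constructed example, not Samba code.
#
# Live use (assumed invocation, Samba tools on PATH):
#   testparm -s 2>/dev/null | check_restrict_anonymous

check_restrict_anonymous() {
    # Only lines inside [global] count; the last assignment wins, as in smb.conf.
    # An absent parameter is reported as the Samba default, 0.
    val=$(awk '
        /^[[:space:]]*\[/ { in_global = ($0 ~ /^[[:space:]]*\[global\]/); next }
        in_global && /^[[:space:]]*restrict anonymous[[:space:]]*=/ {
            sub(/^[^=]*=[[:space:]]*/, "")
            gsub(/[[:space:]]+$/, "")
            v = $0
        }
        END { print (v == "" ? "0" : v) }')
    case "$val" in
        2) echo "ok: restrict anonymous = 2 (anonymous SAMR/LSA access denied)"
           return 0 ;;
        *) echo "weak: restrict anonymous = $val (SID-based user enumeration possible without credentials)"
           return 1 ;;
    esac
}

# Constructed sample: mirrors the shape of the [global] section in the post,
# with the parameter left at its default.
WEAK_CONF='# Global parameters
[global]
	security = ADS
	server min protocol = SMB2_02
	server signing = required

[homes]
	read only = No'

# Constructed sample: same layout with the hardening parameter added.
HARDENED_CONF='# Global parameters
[global]
	security = ADS
	server min protocol = SMB2_02
	server signing = required
	restrict anonymous = 2

[homes]
	read only = No'

# Stand-alone demonstration; "|| true" keeps the script exit status clean.
printf '%s\n' "$WEAK_CONF" | check_restrict_anonymous || true
printf '%s\n' "$HARDENED_CONF" | check_restrict_anonymous || true
```

After adding the parameter to smb.conf, re-run `testparm -s` through the check and rescan with Nessus to confirm the finding is gone; also verify that any client which relied on anonymous IPC$ access (for example anonymous share browsing) still behaves as expected, since the setting tightens that path as well.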