*NIX

Oct. 7, 2008, 6:20 p.m.
posted by whitehat

Basic Samba Security



Basic Samba Security

You can restrict connections to your server on both a per-interface and a per-network basis in the [global] section of the smb.conf file. Always remember to include your loopback interface lo and the loopback interface's network 127.0.0.0/8 in your configuration.

This type of security is activated by:

  • Setting the bind interfaces only parameter to yes.

  • Configuring Samba to deny all connections by default and then allowing specified hosts through with the hosts allow and hosts deny settings. In this case, the 192.168.1.0/24 has been included as a valid network. You also can include the IP addresses of individual hosts in this list.

  • Specifying the interfaces on which Samba will be active. Interface eth0 is on the 192.168.1.0/24 network, so I have included it here.

    [global]
...
bind interfaces only = Yes
hosts deny = ALL
hosts allow = 192.168.1.0/24 127.
interfaces = eth0 lo

     Python   SQL   Java   php   Perl 
     game development   web development   internet   *nix   graphics   hardware 
     telecommunications   C++ 
     Flash   Active Directory   Windows