[Samba] Nessus test issues with open shares - Samba
-
[Samba] Nessus test issues with open shares
Hi,
My name is Joseph Villa, I'm new to the message boards and I'm also new to
Samba. I just got an e-mail back on our Nessus scans. Here are the 2 that
are relevant:
1.) The remote host has accessible LOGS$ share.
ScriptLogic creates this share to store the logs, but does not properly
set the permissions on it. As a result, anyone
can use it to read the remote logs.
Solution: Limit access to this share to the backup account and the Domain
Administrator.
2.) Backup share can be accessed without authentication.
The remote host has an accessible ARCSERVE$ share.
Several versions of ARCserve store the backup agent username and password
in cleartext in this share.
An attacker may use this flaw to obtain the password file of the remote
backup agent and use it to gain privileges on the host.
Solution is to limit the access to this share to backup account and domain
administrator.
Both of these are off of our Sun server running Solaris 10 as the OS. I'm
thinking both directories are being shared via Samba. Although
there is much I don't know about this system. Has anyone out there run
into the same issue?
Thanks,
Joseph P Villa, IT Services
USGS Mounds View, MN
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
-
Re: [Samba] Nessus test issues with open shares
On Wed, May 28, 2008 at 12:58:12PM -0400, Joseph P Villa wrote:
> Hi,
>
> My name is Joseph Villa, I'm new to the message boards and I'm also new to
> Samba. I just got an e-mail back on our Nessus scans. Here are the 2 that
> are relevant:
>
> 1.) The remote host has accessible LOGS$ share.
>
> ScriptLogic creates this share to store the logs, but does not properly
> set the permissions on it. As a result, anyone
> can use it to read the remote logs.
>
> Solution: Limit access to this share to the backup account and the Domain
> Administrator.
>
>
>
>
> 2.) Backup share can be accessed without authentication.
>
> The remote host has an accessible ARCSERVE$ share.
>
> Several versions of ARCserve store the backup agent username and password
> in cleartext in this share.
> An attacker may use this flaw to obtain the password file of the remote
> backup agent and use it to gain privileges on the host.
>
> Solution is to limit the access to this share to backup account and domain
> administrator.
>
>
>
> Both of these are off of our Sun server running Solaris 10 as the OS. I'm
> thinking both directories are being shared via Samba. Although
> there is much I don't know about this system. Has anyone out there run
> into the same issue?
Post your smb.conf so we can see what shares you have defined.
Jeremy.
-
Re: [Samba] Nessus test issues with open shares
There were a few things that I needed to blot out (I used #'s to blot out
the areas that I shouldn't be showing) .. but here it is!
Thanks for all of your help!
# Samba 3.0.23C Global parameters 09/26/06
# WINBIND removed
[global]
## Configured with /usr/local/samba/bin/config_samba
workgroup = GS
security = domain
encrypt passwords = yes
password server = ####
wins server = ####
allow hosts = .gs.doi.net .usgs.gov
##
## Disable Browsing Services
os level = 0
preferred master = no
domain master = no
local master = no
## Please set netbios name to GS naming standard
## example: netbios name = IGS##########
## Pre-stage (create) this computer account in Active Directory before
## joining to domain
netbios name = igs###########
##
server string = NAME
username map = /usr/local/samba/lib/users.map
password level = 2
printcap name = /usr/local/samba/lib/printers
preload = homes printers
default service = tmp
message command = csh -c 'xedit %s;rm %s' &
NIS homedir = Yes
print command = lp -c -o nobanner -d%p %s; rm %s
## Use a separate log file for each machine
log file = /usr/local/samba/var/log.smbd
## Put a cap on the size of the log files (in Kb).
max log size = 50
map archive = no
## Performance Parameters
log level = 1
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=16834 SO_RCVBUF=16834 SO_KEEPALIVE
read raw = yes
write raw = yes
max xmit = 65535
getwd cache = yes
## Recommended Security Setting
Restrict anonymous = yes
allow trusted domains = no
client use spnego = yes
client NTLMv2 auth = yes
client lanman auth = no
client plaintext auth = no
ldap ssl = no
## File Oplock Settings can be set globally, although they should be set at the
## share level depending on whether you are having problems with Excel or other
## applications not saving properly.
## oplocks = no
## level 2 oplocks = no
# Home Section Samba User home directories are automatically mapped
[homes]
comment = Home Directories
path = %H
read only = No
create mask = 0664
directory mask = 0775
hide dot files = No
## File Oplock Settings
oplocks = no
level 2 oplocks = no
# Printer Section used to list available UNIX printers
[printers]
comment = All Printers
path = /tmp
username = %U
create mask = 0700
guest ok = Yes
print ok = Yes
domain master = no
local master = no
## Please set netbios name to GS naming standard
## example: netbios name = IGS########
## Pre-stage (create) this computer account in Active Directory before
## joining to domain
netbios name = igs###########
##
server string = NAME
username map = /usr/local/samba/lib/users.map
password level = 2
printcap name = /usr/local/samba/lib/printers
preload = homes printers
default service = tmp
message command = csh -c 'xedit %s;rm %s' &
NIS homedir = Yes
print command = lp -c -o nobanner -d%p %s; rm %s
## Use a separate log file for each machine
log file = /usr/local/samba/var/log.smbd
## Put a cap on the size of the log files (in Kb).
max log size = 50
map archive = no
## Performance Parameters
log level = 1
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=16834 SO_RCVBUF=16834 SO_KEEPALIVE
read raw = yes
write raw = yes
max xmit = 65535
getwd cache = yes
# Samba 3.0.23C Global parameters 09/26/06
# WINBIND removed
[global]
## Configured with /usr/local/samba/bin/config_samba
workgroup = GS
security = domain
encrypt passwords = yes
password server = igsbccidc01 *
wins server = #####
allow hosts = .gs.doi.net .usgs.gov
##
## Disable Browsing Services
os level = 0
preferred master = no
domain master = no
local master = no
## Please set netbios name to GS naming standard
## example: netbios name = IGS########
## Pre-stage (create) this computer account in Active Directory before
## joining to domain
netbios name = igs##########
##
server string = NAME
username map = /usr/local/samba/lib/users.map
password level = 2
printcap name = /usr/local/samba/lib/printers
# Samba 3.0.23C Global parameters 09/26/06
# WINBIND removed
[global]
## Configured with /usr/local/samba/bin/config_samba
workgroup = GS
security = domain
encrypt passwords = yes
password server = igsbccidc01 *
wins server = #####
allow hosts = .gs.doi.net .usgs.gov
##
## Disable Browsing Services
os level = 0
preferred master = no
domain master = no
# Samba 3.0.23C Global parameters 09/26/06
# WINBIND removed
[global]
## Configured with /usr/local/samba/bin/config_samba
workgroup = GS
security = domain
encrypt passwords = yes
password server = #####
wins server = #####
allow hosts = .gs.doi.net .usgs.gov
##
## Disable Browsing Services
os level = 0
preferred master = no
domain master = no
local master = no
## Please set netbios name to GS naming standard
## example: netbios name = IGSKIACIFS001
## Pre-stage (create) this computer account in Active Directory before
## joining to domain
netbios name = igs###########
##
server string = NAME
username map = /usr/local/samba/lib/users.map
password level = 2
printcap name = /usr/local/samba/lib/printers
preload = homes printers
default service = tmp
message command = csh -c 'xedit %s;rm %s' &
NIS homedir = Yes
print command = lp -c -o nobanner -d%p %s; rm %s
## Use a separate log file for each machine
log file = /usr/local/samba/var/log.smbd
## Put a cap on the size of the log files (in Kb).
max log size = 50
map archive = no
## Performance Parameters
log level = 1
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=16834 SO_RCVBUF=16834 SO_KEEPALIVE
read raw = yes
write raw = yes
max xmit = 65535
getwd cache = yes
## Recommended Security Setting
Restrict anonymous = yes
allow trusted domains = no
client use spnego = yes
client NTLMv2 auth = yes
client lanman auth = no
client plaintext auth = no
ldap ssl = no
## File Oplock Settings can be set globally, although they should be set at the
## share level depending on whether you are having problems with Excel or other
## applications not saving properly.
## oplocks = no
## level 2 oplocks = no
# Home Section Samba User home directories are automatically mapped
[homes]
comment = Home Directories
path = %H
read only = No
create mask = 0664
directory mask = 0775
hide dot files = No
## File Oplock Settings
oplocks = no
level 2 oplocks = no
# Printer Section used to list available UNIX printers
[printers]
comment = All Printers
path = /tmp
username = %U
create mask = 0700
guest ok = Yes
print ok = Yes
Joseph P Villa, IT Services
USGS Mounds View, MN
Jeremy Allison wrote on 05/28/2008 12:39 PM (to Joseph P Villa, cc samba@lists.samba.org, subject "Re: [Samba] Nessus test issues with open shares"):
On Wed, May 28, 2008 at 12:58:12PM -0400, Joseph P Villa wrote:
> Hi,
>
> My name is Joseph Villa, I'm new to the message boards and I'm also new to
> Samba. I just got an e-mail back on our Nessus scans. Here are the 2 that
> are relevant:
>
> 1.) The remote host has accessible LOGS$ share.
>
> ScriptLogic creates this share to store the logs, but does not properly
> set the permissions on it. As a result, anyone
> can use it to read the remote logs.
>
> Solution: Limit access to this share to the backup account and the Domain
> Administrator.
>
>
>
>
> 2.) Backup share can be accessed without authentication.
>
> The remote host has an accessible ARCSERVE$ share.
>
> Several versions of ARCserve store the backup agent username and password
> in cleartext in this share.
> An attacker may use this flaw to obtain the password file of the remote
> backup agent and use it to gain privileges on the host.
>
> Solution is to limit the access to this share to backup account and domain
> administrator.
>
>
>
> Both of these are off of our Sun server running Solaris 10 as the OS. I'm
> thinking both directories are being shared via Samba. Although
> there is much I don't know about this system. Has anyone out there run
> into the same issue?
Post your smb.conf so we can see what shares you have defined.
Jeremy.
-
Re: [Samba] Nessus test issues with open shares
I think something went wrong here (at least I hope you don't have 4
global sections).
Joseph P Villa wrote:
>
>
> ...
> [global]
> ...
> [global]
> ...
> [global]
> ...
> [global]
> ...
> Joseph P Villa, IT Services
> USGS Mounds View, MN
>
>
Also this doesn't mention LOGS$ or ARCSERVE$.
Michael Heydon - IT Administrator
michaelh@jaswin.com.au
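As an added example (not code from this thread or from the Samba project), the script below does offline what the thread asks for by hand: it parses an smb.conf and reports which file shares are reachable without a "valid users" restriction or with guest access (the two Nessus findings, whose recommended fix is to limit LOGS$ and ARCSERVE$ to the backup account and the Domain Administrator), and it counts how many times [global] appears (the four-[global] paste that the last reply points out). Everything it runs against is constructed: the embedded smb.conf, the /export paths, the account name `backup` and the group `GS\Domain Admins` are assumptions for illustration only. It uses only POSIX sh and awk.

```shell
#!/bin/sh
# Added example for this thread, not code from the posts or from Samba:
# audit an smb.conf for shares open to unauthenticated users and for
# duplicated [global] sections. POSIX sh + awk only, so it runs anywhere.

# Constructed sample smb.conf (not the poster's real file): LOGS$ left as
# the scanner found it, ARCSERVE$ restricted to the backup account and the
# Domain Admins group as the scanner recommends, and [global] pasted twice.
# Account name, group name and paths are assumptions.
SAMPLE_CONF=$(cat <<'EOF'
[global]
    workgroup = GS
    security = domain
    # 2 = refuse anonymous (null-session) connections altogether
    restrict anonymous = 2
[global]
    workgroup = GS
[LOGS$]
    comment = ScriptLogic logs (weak: no valid users, guests allowed)
    path = /export/scriptlogic/logs
    guest ok = yes
    read only = no
[ARCSERVE$]
    comment = ARCserve agent data (hardened)
    path = /export/arcserve
    browseable = no
    guest ok = no
    valid users = backup, "@GS\Domain Admins"
    read only = no
EOF
)

# count_sections CONF NAME: how many "[NAME]" headers CONF contains
# (share names are case-insensitive in Samba, so compare lowercased).
count_sections() {
    printf '%s\n' "$1" | awk -v want="$2" '
        /^[ \t]*\[/ {
            name = $0
            sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name)
            if (tolower(name) == tolower(want)) n++
        }
        END { print n + 0 }'
}

# open_shares CONF: names of file shares (excluding [global], [homes] and
# [printers]) that either set "guest ok" (or its synonym "public") to a true
# value or carry no "valid users" list at all, one per line.
open_shares() {
    printf '%s\n' "$1" | awk '
        function truthy(v) { return (v == "yes" || v == "true" || v == "1") }
        function flush() {
            if (sec == "") return
            l = tolower(sec)
            if (l == "global" || l == "homes" || l == "printers") return
            if (guest || !hasvalid) print sec
        }
        /^[ \t]*\[/ {                    # new section: report the previous one
            flush()
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            guest = 0; hasvalid = 0
            next
        }
        /^[ \t]*[#;]/ { next }           # comment lines
        /=/ {                            # "key = value", both trimmed
            key = $0; sub(/=.*$/, "", key)
            val = $0; sub(/^[^=]*=/, "", val)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            key = tolower(key); val = tolower(val)
            if (key == "guest ok" || key == "public") guest = truthy(val)
            if (key == "valid users" && val != "") hasvalid = 1
        }
        END { flush() }'
}

# With a path argument the real file is audited; without one, the sample.
CONF=$SAMPLE_CONF
if [ -n "${1:-}" ]; then
    CONF=$(cat "$1")
fi
echo "[global] sections found: $(count_sections "$CONF" global)"
echo "Shares without a valid users list or with guest access:"
open_shares "$CONF"
```

Run it as `sh audit.sh /usr/local/samba/lib/smb.conf` against the server's real file; on the sample it prints `2` for [global] and lists only `LOGS$`. A [global] count above one, as in the config posted above, means the file is not what the server is actually reading and should be fixed before anything else. If neither LOGS$ nor ARCSERVE$ turns up in smb.conf at all, they are being exported by something other than this Samba instance, which is the point the last reply makes. After changing the file, `testparm -s` prints the configuration as smbd will parse it, and an anonymous listing with `smbclient -L //server -N` from another host confirms from the network side whether the scanner would still see the shares.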