[Samba] Nessus test issues with open shares - Samba


Thread: [Samba] Nessus test issues with open shares

  1. [Samba] Nessus test issues with open shares

    Hi,

    My name is Joseph Villa, I'm new to the message boards and I'm also new to
    Samba. I just got an e-mail back on our Nessus scans. Here are the 2 that
    are relevant.

    1.) The remote host has accessible LOGS$ share.

    ScriptLogic creates this share to store the logs, but does not properly
    set the permissions on it. As a result, anyone
    can use it to read the remote logs.

    Solution: Limit access to this share to the backup account and the Domain
    Administrator.

    2.) Backup share can be accessed without authentication.

    The remote host has an accessible ARCSERVE$ share.

    Several versions of ARCserve store the backup agent username and password
    in cleartext in this share.
    An attacker may use this flaw to obtain the password file of the remote
    backup agent and use it to gain privileges on the host.

    Solution is to limit the access to this share to backup account and domain
    administrator.

    Both of these are off of our Sun server running Solaris 10 as the OS. I'm
    thinking both directories are being shared via Samba. Although
    there is much I don't know about this system. Has anyone out there run
    into the same issue?

    Thanks,


    Joseph P Villa, IT Services
    USGS Mounds View, MN
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. Re: [Samba] Nessus test issues with open shares

    On Wed, May 28, 2008 at 12:58:12PM -0400, Joseph P Villa wrote:
    > Hi,
    >
    > My name is Joseph Villa, I'm new to the message boards and I'm also new to
    > Samba. I just got an e-mail back on our Nessus scans.. Here are the 2 that
    > are relevant.
    >
    > 1.) The remote host has accessible LOGS$ share.
    >
    > ScriptLogic creates this share to store the logs, but does not properly
    > set the permissions on it. As a result, anyone
    > can use it to read the remote logs.
    >
    > Solution: Limit access to this share to the backup account and the Domain
    > Administrator.
    >
    >
    >
    >
    > 2.) Backup share can be accessed without authentication.
    >
    > The remote host has an accessible ARCSERVE$ share.
    >
    > Several versions of ARCserve store the backup agent username and password
    > in cleartext in this share.,
    > An attacker may use this flaw to obtain the password file of the remote
    > backup agent and use it to gain privileges on the host.
    >
    > Solution is to limit the access to this share to backup account and domain
    > administrator.
    >
    >
    >
    > Both of these are off of our Sun server running Solaris 10 as the OS. I'm
    > thinking both directories are being shared via Samba. Although
    > there is much I don't know about this system. Has anyone out there run
    > into the same issue?


    Post your smb.conf so we can see what shares you have defined.

    Jeremy.

  3. Re: [Samba] Nessus test issues with open shares

    There were a few things that I needed to blot out (I used #'s to blot out
    the areas that I shouldn't be showing) .. but here it is!

    Thanks for all of your help!

    # Samba 3.0.23C Global parameters 09/26/06
    # WINBIND removed
    [global]
    ## Configured with /usr/local/samba/bin/config_samba
    workgroup = GS
    security = domain
    encrypt passwords = yes
    password server = ####
    wins server = ####
    allow hosts = .gs.doi.net .usgs.gov
    ##
    ## Disable Browsing Services
    os level = 0
    preferred master = no
    domain master = no
    local master = no
    ## Please set netbios name to GS naming standard
    ## example: netbios name = IGS##########
    ## Pre-stage (create) this computer account in Active Directory before
    ## joining to domain
    netbios name = igs###########
    ##
    server string = NAME
    username map = /usr/local/samba/lib/users.map
    password level = 2
    printcap name = /usr/local/samba/lib/printers
    preload = homes printers
    default service = tmp
    message command = csh -c 'xedit %s;rm %s' &
    NIS homedir = Yes
    print command = lp -c -o nobanner -d%p %s; rm %s
    ## Use a separate log file for each machine
    log file = /usr/local/samba/var/log.smbd
    ## Put a cap on the size of the log files (in Kb).
    max log size = 50
    map archive = no
    ## Performance Parameters
    log level = 1
    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=16834 SO_RCVBUF=16834 SO_KEEPALIVE
    read raw = yes
    write raw = yes
    max xmit = 65535
    getwd cache = yes
    ## Recommended Security Setting
    Restrict anonymous = yes
    allow trusted domains = no
    client use spnego = yes
    client NTLMv2 auth = yes
    client lanman auth = no
    client plaintext auth = no
    ldap ssl = no
    ## File Oplock Settings can be set globally although should be set at the
    ## share level depending if you are having problems with Excel or other
    ## applications not saving properly.
    ## oplocks = no
    ## level 2 oplocks = no

    # Home Section Samba User home directories are automatically mapped
    [homes]
    comment = Home Directories
    path = %H
    read only = No
    create mask = 0664
    directory mask = 0775
    hide dot files = No
    ## File Oplock Settings
    oplocks = no
    level 2 oplocks = no
    # Printer Section used to list available UNIX printers
    [printers]
    comment = All Printers
    path = /tmp
    username = %U
    create mask = 0700
    guest ok = Yes
    print ok = Yes

    domain master = no
    local master = no
    ## Please set netbios name to GS naming standard
    ## example: netbios name = IGS########
    ## Pre-stage (create) this computer account in Active Directory before
    ## joining to domain
    netbios name = igs###########
    ##
    server string = NAME
    username map = /usr/local/samba/lib/users.map
    password level = 2
    printcap name = /usr/local/samba/lib/printers
    preload = homes printers
    default service = tmp
    message command = csh -c 'xedit %s;rm %s' &
    NIS homedir = Yes
    print command = lp -c -o nobanner -d%p %s; rm %s
    ## Use a separate log file for each machine
    log file = /usr/local/samba/var/log.smbd
    ## Put a cap on the size of the log files (in Kb).
    max log size = 50
    map archive = no
    ## Performance Parameters
    log level = 1
    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=16834 SO_RCVBUF=16834 SO_KEEPALIVE
    read raw = yes
    write raw = yes
    max xmit = 65535
    getwd cache = yes
    # Samba 3.0.23C Global parameters 09/26/06
    # WINBIND removed
    [global]
    ## Configured with /usr/local/samba/bin/config_samba
    workgroup = GS
    security = domain
    encrypt passwords = yes
    password server = igsbccidc01 *
    wins server = #####
    allow hosts = .gs.doi.net .usgs.gov
    ##
    ## Disable Browsing Services
    os level = 0
    preferred master = no
    domain master = no
    local master = no
    ## Please set netbios name to GS naming standard
    ## example: netbios name = IGS########
    ## Pre-stage (create) this computer account in Active Directory before
    ## joining to domain
    netbios name = igs##########
    ##
    server string = NAME
    username map = /usr/local/samba/lib/users.map
    password level = 2
    printcap name = /usr/local/samba/lib/printers
    # Samba 3.0.23C Global parameters 09/26/06
    # WINBIND removed
    [global]
    ## Configured with /usr/local/samba/bin/config_samba
    workgroup = GS
    security = domain
    encrypt passwords = yes
    password server = igsbccidc01 *
    wins server = #####
    allow hosts = .gs.doi.net .usgs.gov
    ##
    ## Disable Browsing Services
    os level = 0
    preferred master = no
    domain master = no
    # Samba 3.0.23C Global parameters 09/26/06
    # WINBIND removed
    [global]
    ## Configured with /usr/local/samba/bin/config_samba
    workgroup = GS
    security = domain
    encrypt passwords = yes
    password server = #####
    wins server = #####
    allow hosts = .gs.doi.net .usgs.gov
    ##
    ## Disable Browsing Services
    os level = 0
    preferred master = no
    domain master = no
    local master = no
    ## Please set netbios name to GS naming standard
    ## example: netbios name = IGSKIACIFS001
    ## Pre-stage (create) this computer account in Active Directory before
    ## joining to domain
    netbios name = igs###########
    ##
    server string = NAME
    username map = /usr/local/samba/lib/users.map
    password level = 2
    printcap name = /usr/local/samba/lib/printers
    preload = homes printers
    default service = tmp
    message command = csh -c 'xedit %s;rm %s' &
    NIS homedir = Yes
    print command = lp -c -o nobanner -d%p %s; rm %s
    ## Use a separate log file for each machine
    log file = /usr/local/samba/var/log.smbd
    ## Put a cap on the size of the log files (in Kb).
    max log size = 50
    map archive = no
    ## Performance Parameters
    log level = 1
    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=16834 SO_RCVBUF=16834 SO_KEEPALIVE
    read raw = yes
    write raw = yes
    max xmit = 65535
    getwd cache = yes
    ## Recommended Security Setting
    Restrict anonymous = yes
    allow trusted domains = no
    client use spnego = yes
    client NTLMv2 auth = yes
    client lanman auth = no
    client plaintext auth = no
    ldap ssl = no
    ## File Oplock Settings can be set globally although should be set at the
    ## share level depending if you are having problems with Excel or other
    ## applications not saving properly.
    ## oplocks = no
    ## level 2 oplocks = no

    # Home Section Samba User home directories are automatically mapped
    [homes]
    comment = Home Directories
    path = %H
    read only = No
    create mask = 0664
    directory mask = 0775
    hide dot files = No
    ## File Oplock Settings
    oplocks = no
    level 2 oplocks = no
    # Printer Section used to list available UNIX printers
    [printers]
    comment = All Printers
    path = /tmp
    username = %U
    create mask = 0700
    guest ok = Yes
    print ok = Yes

    Joseph P Villa, IT Services
    USGS Mounds View, MN



    Jeremy Allison wrote on 05/28/2008 12:39 PM (to Joseph P Villa, cc
    samba@lists.samba.org, Subject: Re: [Samba] Nessus test issues with open
    shares):

    On Wed, May 28, 2008 at 12:58:12PM -0400, Joseph P Villa wrote:
    > Hi,
    >
    > My name is Joseph Villa, I'm new to the message boards and I'm also new to
    > Samba. I just got an e-mail back on our Nessus scans. Here are the 2 that
    > are relevant.
    >
    > 1.) The remote host has accessible LOGS$ share.
    >
    > ScriptLogic creates this share to store the logs, but does not properly
    > set the permissions on it. As a result, anyone
    > can use it to read the remote logs.
    >
    > Solution: Limit access to this share to the backup account and the Domain
    > Administrator.
    >
    > 2.) Backup share can be accessed without authentication.
    >
    > The remote host has an accessible ARCSERVE$ share.
    >
    > Several versions of ARCserve store the backup agent username and password
    > in cleartext in this share.
    > An attacker may use this flaw to obtain the password file of the remote
    > backup agent and use it to gain privileges on the host.
    >
    > Solution is to limit the access to this share to backup account and domain
    > administrator.
    >
    > Both of these are off of our Sun server running Solaris 10 as the OS. I'm
    > thinking both directories are being shared via Samba. Although
    > there is much I don't know about this system. Has anyone out there run
    > into the same issue?

    Post your smb.conf so we can see what shares you have defined.

    Jeremy.


  4. Re: [Samba] Nessus test issues with open shares

    I think something went wrong here (at least I hope you don't have 4
    global sections).

    Joseph P Villa wrote:
    >
    >
    > ...
    > [global]
    > ...
    > [global]
    > ...
    > [global]
    > ...
    > [global]
    > ...
    > Joseph P Villa, IT Services
    > USGS Mounds View, MN
    >
    >


    Also this doesn't mention LOGS$ or ARCSERVE$.


    Michael Heydon - IT Administrator
    michaelh@jaswin.com.au

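The audit below is an added example written for this archive page; it is not code from the thread or from the Samba project. It reads an smb.conf the way the replies above suggest reading it: it counts [global] stanzas (the posted file has four; smbd merges them, with later values overriding earlier ones), reports lines smbd would warn about and drop (the comment word "before" that wrapped onto its own line in the posted config), flags every share reachable as guest, and checks that each share carries a "valid users" list, which is the remediation the Nessus text gives (the backup account plus domain administrators). The share names LOGS$ and ARCSERVE$ come from the Nessus findings; the paths, the "backup" account and the "GS\Domain Admins" group are placeholders, since the posted config defines only [homes] and [printers]. The sample configs in the block are constructed for the example.

```python
"""Added example (not Samba project code): audit an smb.conf for the issues
raised in this thread: repeated [global] stanzas, lines smbd ignores as
malformed, shares open to guests, and shares without a 'valid users' list."""
import re
import sys

# Constructed sample shaped like the config posted above, plus two hypothetical
# stanzas named after the Nessus findings (the posted smb.conf defines neither).
WEAK_CONF = """\
[global]
   workgroup = GS
   security = domain
   ## Pre-stage (create) this computer account in Active Directory
   before
   ## joining to domain
   Restrict anonymous = yes
[LOGS$]
   path = /export/logs
   guest ok = yes
[ARCSERVE$]
   path = /export/arcserve
   public = yes
[global]
   log level = 1
"""

# The same shares limited to a backup account and the domain admins group, the
# remediation the Nessus text gives. Names are placeholders; resolving a domain
# group by name needs winbind, which the posted config says was removed.
HARDENED_CONF = """\
[LOGS$]
   path = /export/logs
   browseable = no
   guest ok = no
   read only = yes
   valid users = backup, @"GS\\Domain Admins"
[ARCSERVE$]
   path = /export/arcserve
   browseable = no
   guest ok = no
   valid users = backup, @"GS\\Domain Admins"
"""

SECTION_RE = re.compile(r"^\s*\[([^\]]+)\]\s*$")
PARAM_RE = re.compile(r"^\s*([^=#;][^=]*?)\s*=\s*(.*?)\s*$")
SYNONYMS = {"public": "guest ok"}  # smb.conf accepts both spellings


def parse_smb_conf(text):
    """Return ([(section, {param: value}), ...], bad_lines) in file order.
    A list, not a dict, so a repeated [global] survives and can be counted."""
    sections, bad_lines, params = [], [], None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped[0] in "#;":
            continue
        sec = SECTION_RE.match(line)
        if sec:
            params = {}
            sections.append((sec.group(1).strip(), params))
            continue
        par = PARAM_RE.match(line)
        if par and params is not None:
            key = " ".join(par.group(1).lower().split())  # case/space-insensitive, as smbd
            params[SYNONYMS.get(key, key)] = par.group(2)
        else:  # e.g. a comment wrapped onto its own line: smbd warns and drops it
            bad_lines.append(stripped)
    return sections, bad_lines


def audit(sections, bad_lines):
    """Return human-readable findings; an empty list means nothing flagged."""
    findings = [f"malformed line ignored by smbd: {line!r}" for line in bad_lines]
    n_global = sum(1 for name, _ in sections if name.lower() == "global")
    if n_global > 1:
        findings.append(f"{n_global} [global] stanzas: smbd merges them, later values win")
    for name, params in sections:
        if name.lower() == "global":
            ra = params.get("restrict anonymous")
            if ra is not None and not ra.strip().isdigit():
                findings.append(f"restrict anonymous = {ra!r}: Samba 3 takes an "
                                "integer 0-2, check the parsed value with testparm -s")
        elif name.lower() != "printers":  # spooler share: guest printing is a separate policy
            if params.get("guest ok", "no").strip().lower() in ("yes", "true", "1"):
                findings.append(f"[{name}] allows guest (anonymous) access")
            if "valid users" not in params:
                findings.append(f"[{name}] has no 'valid users' restriction")
    return findings


def audit_text(text):
    return audit(*parse_smb_conf(text))


if __name__ == "__main__":
    # Audit the file named on the command line, else the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else WEAK_CONF
    print("\n".join(audit_text(text) or ["no findings"]))
```

Run it against the file smbd actually loaded (`smbd -b | grep CONFIGFILE` prints the compiled-in path; a source build defaults to /usr/local/samba/lib/smb.conf, which matches the paths in the posted config), or against the output of `testparm -s`, which also shows the merged result of the repeated [global] stanzas. If that file still defines no LOGS$ or ARCSERVE$ share, the names are not coming from this Samba instance's smb.conf: look for `include =` lines, for a second smbd, or for some other service answering on the SMB ports. To reproduce what Nessus saw from the outside, `smbclient -L <host> -N` lists the shares visible to an anonymous client, and `smbclient '//<host>/LOGS$' -N -c ls` shows whether a null session can read one.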
