Introduction

This article was started to give some general advice on security considerations and is not an exhaustive review of samba security.

/etc/samba/smb.conf

  • Networking Section - use "hosts allow" and "hosts deny"

# hosts allow = 127.0.0.1 192.168.1.0/24
hosts allow = 127.0.0.1 192.168.1.1 192.168.1.2
hosts deny = 0.0.0.0/0
  • hosts deny 0.0.0.0/0 = all others.
  • Shares
    • When defining a share, consider the following options :
      1. browseable = no ~ Shares will not show up when browsing your network.
      2. users = user1 user2 ~ List of users able to access the share

When setting up a Samba share, you can limit the users who have access to your share

[private]
        comment = Private Share
        path = /path/to/share/point
        browseable = no
        read only = no
        valid users = user1 user2 user3

Now only samba users user1, user2, and user3 will have access to the share "private".

Firewall

Configure your firewall (iptables) to limit access to your server. Samba uses ports

  • UDP ports 137 and 138
  • TCP ports 139 and 445

Samba/SecuringSamba (last edited 2010-12-27 18:16:49 by ddkkdd2020)