CCID-it reports: The Server Message Block (SMB) protocol is a high-level protocol that allows different computers on a network to share files, printers, and other communication resources. SMB uses the NetBIOS API to implement a connection-oriented protocol, which provides a mechanism for communication between Windows client programs and services through virtual circuits, and it is the core of Samba. Once Samba is installed, resources can be shared directly between UNIX and Windows, eliminating the need for FTP.
The core of Samba is two daemon processes, smbd and nmbd. Once started, the server keeps running until it is stopped. smbd listens on TCP port 139; nmbd listens on UDP ports 137 and 138.
Security configurations that cannot be ignored
Samba lets us share files across a LAN of Windows and Unix machines, so that a Unix system is as "gentle" and easy to use as a network PC or any other Windows computer on the LAN, while providing strong service functions and simple operation. In addition, Unix systems can access Windows hard disks and mount Windows directories directly, which makes them as easy to use as local files. However, if Samba is configured improperly or unscientifically, the security of the system is out of the question.
1. Samba Security Level
Samba has four security levels, which can be specified using the security parameter. They are:
Share: users can log on to the Samba server without an account and password.
User: the Samba server providing the service checks the account and password itself (this is the default security level of Samba).
Server: checking of the account and password is handed to another specified Windows NT/2000 or Samba server.
Domain: a specified Windows NT/2000 domain controller verifies the user's account and password.
2. Global security parameters
Samba itself is quite secure within the operating system. In general, its security depends on the correct configuration of the smb.conf file. Table 1 lists common security-related global parameters in the smb.conf file.
Table 1
3. Samba permissions and file ownership
Setting Samba permissions and correct file attributes is a prerequisite for ensuring security. The Samba password file and directory should belong to root. Remove accounts that have no shell from the smbpasswd file. The attribute of the Samba directory should be set to 500, and the attribute of the smbpasswd file should be set to 600. We can perform the following operations to check and set them:
(1) Check permissions and file attributes
// Check the Samba directory
[root@ora9 root]# ll -d /etc/samba
drwxr-xr-x 2 root root 4096 Sep 16 2004 /etc/samba
// Check the smbpasswd file
[root@ora9 root]# ll /etc/samba/smbpasswd
-rw------- 1 root 105 Sep 16 2004 /etc/samba/smbpasswd
(2) Check the correctness of the configuration file
Enter the following command to display your configurations and all default configurations:
[root@ora9 root]# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Processing section "[homepage]"
Loaded services file OK.
Press enter to see a dump of your service definitions
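
The manual checks from sections 1 and 3 can be scripted. The following is an added example, not part of the original article: it compares the mode and owner of the Samba directory and the smbpasswd file with the values recommended above (500, 600, root) and flags security = share in the [global] section. It assumes GNU stat on Linux; the function names and default paths are illustrative.

```shell
#!/bin/sh
# Added example (not from the article): audit a Samba install against the
# article's advice. Assumes GNU stat (Linux); default paths are assumptions.
# Usage: audit_samba [DIR] [SMBPASSWD] [SMB_CONF] [OWNER_UID]

# check_path PATH WANT_MODE WANT_UID: report wrong mode or owner, return 1.
check_path() {
    path=$1 want_mode=$2 want_uid=$3
    [ -e "$path" ] || { echo "MISSING  $path"; return 1; }
    set -- $(stat -c '%a %u' "$path")    # %a octal mode, %u numeric owner
    rc=0
    [ "$1" = "$want_mode" ] || { echo "MODE     $path is $1, want $want_mode"; rc=1; }
    [ "$2" = "$want_uid" ] || { echo "OWNER    $path uid is $2, want $want_uid"; rc=1; }
    return "$rc"
}

# security_level CONF: print the [global] "security" value, lower-cased.
# Prints "user" when unset, the default the article gives.
security_level() {
    awk '
        /^[ \t]*\[/ { in_global = (tolower($0) ~ /^[ \t]*\[global\]/) }
        in_global && tolower($0) ~ /^[ \t]*security[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, ""); level = tolower($0)
        }
        END { print (level == "" ? "user" : level) }
    ' "$1"
}

# audit_samba: return the number of findings (0 means everything matches).
audit_samba() {
    dir=${1:-/etc/samba}
    pwfile=${2:-$dir/smbpasswd}
    conf=${3:-$dir/smb.conf}
    uid=${4:-0}
    findings=0
    check_path "$dir" 500 "$uid" || findings=$((findings + 1))
    check_path "$pwfile" 600 "$uid" || findings=$((findings + 1))
    if [ "$(security_level "$conf")" = share ]; then
        echo "SECURITY $conf uses security = share (no account or password)"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Run audit_samba as root with no arguments to check the default locations; the exit status is the number of findings.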