IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Communications Remarks
____________________________________________________________________ .........................................
S 5.82 Secure Use of SAMBA
Initiation responsibility: Head of IT Section, Administrator
Implementation responsibility: Administrator
SAMBA is a freeware software package for UNIX operating systems which,
amongst other things, provides file, print and authentication services over the
Server Message Block (SMB) and Common Internet File System (CIFS)
protocols. The most important examples of SMB/CIFS clients are definitely
the operating systems in the Microsoft Windows family. With SAMBA it is
possible, for example, for Windows 9x or Windows NT computers to access
shared files on a UNIX server directly. This obviates the need to take a detour
over the FTP or NFS protocols or to install additional software on the client.
In the current version, SAMBA simulates a whole range of Windows NT
server functions so that in many cases it is possible to use a UNIX system with
SAMBA in lieu of such a server.
If SAMBA is in use within the agency/company, the recommendations set out
below should be considered.
Programming errors which sometimes can induce security loopholes have
been discovered in older versions of SAMBA. An up-to-date version should
be used, in which as far as possible all known security-relevant errors have
been eliminated.
Using the file smb.conf, it is possible to configure the SAMBA server in an
extremely flexible and detailed manner. However, this also makes the system
somewhat complex. Before using SAMBA, it is therefore important to read
the documentation thoroughly. The configuration should be carefully planned,
documented and implemented through appropriate parameter settings in file
smb.conf. For example, a long description of the various parameters can be
viewed by entering the command man smb.conf. In the event that
configuration settings are altered, checks should be performed using the
documentation and appropriate tests to ensure that the change in configuration
does not result in unwanted side-effects.
The following parameters are particularly problematic in terms of the possible
security risks associated with them. They should therefore only be used after
checking thoroughly all the possible effects on the IT security of the server.
[...] command
add user script
delete user script
fake oplocks
ldap [...]
panic action
passwd program
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000
postexec
preexec / exec
root postexec
root preexec
smbrun
unix password sync
With the testparm program it is possible to check whether the settings in file
smb.conf are permitted. Of course it is not possible using that program to draw
any conclusions as to whether the settings do have the desired effect or
security-relevant effects. Creation and maintenance of the smb.conf file can
also be supported by graphical user interfaces, for example using the Samba