关闭

linux上samba服务的IPC$空连接入侵防范

829人阅读 评论(0) 收藏 举报
分类:

The IPC$ share allows users to anonymously fetch a list of shared resources from a server. It can be used as a point of attack into a system. How do I disable or limit IPC$ under Samba to certain subnet such as 10.0.0.0/8?

You can easily limit access to the IPC$ share under Samba using hosts allow and hosts deny feature. Another option is firewall samba port and limit access within your own subnet so that only machines in your network will be able to connect to it. Open smb.conf and make [IPC$] set it as follows:

 
     [IPC$]
       hosts allow = 10.0.0. 127.0.0.1
       hosts deny = 0.0.0.0/0
 

Save and close the file. Restart samba:
/etc/init.d/smb restart

Use iptables to restrict access

You can also add something as follows to your iptables script (/etc/sysconfig/iptables under CentOS / RHEL / Fedora Linux)

 
-A RH-Firewall-1-INPUT -s 10.0.0.0/8 -m state --state NEW -p tcp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -s 10.0.0.0/8 -m state --state NEW -p tcp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -s 10.0.0.0/8 -m state --state NEW -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -s 10.0.0.0/8 -m state --state NEW -p tcp --dport 445 -j ACCEPT
 

Save and close the file. Restart iptables:
# service iptables restart


http://www.cyberciti.biz/faq/samba-restrict-access-to-ipc-share/


0
0

查看评论
* 以上用户言论只代表其个人观点,不代表CSDN网站的观点或立场
    个人资料
    • 访问:1633036次
    • 积分:20987
    • 等级:
    • 排名:第362名
    • 原创:253篇
    • 转载:1572篇
    • 译文:0篇
    • 评论:40条
    最新评论