bytxl的专栏

得意之时谨记,一半命运还掌握在上帝手里;失意之时须知,一半命运还掌握在自己手里。...

linux上samba服务的IPC$空连接入侵防范

The IPC$ share allows users to anonymously fetch a list of shared resources from a server. It can be used as a point of attack into a system. How do I disable or limit IPC$ under Samba to certain subnet such as 10.0.0.0/8?

You can easily limit access to the IPC$ share under Samba using hosts allow and hosts deny feature. Another option is firewall samba port and limit access within your own subnet so that only machines in your network will be able to connect to it. Open smb.conf and make [IPC$] set it as follows:

 
     [IPC$]
       hosts allow = 10.0.0. 127.0.0.1
       hosts deny = 0.0.0.0/0
 

Save and close the file. Restart samba:
/etc/init.d/smb restart

Use iptables to restrict access

You can also add something as follows to your iptables script (/etc/sysconfig/iptables under CentOS / RHEL / Fedora Linux)

 
-A RH-Firewall-1-INPUT -s 10.0.0.0/8 -m state --state NEW -p tcp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -s 10.0.0.0/8 -m state --state NEW -p tcp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -s 10.0.0.0/8 -m state --state NEW -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -s 10.0.0.0/8 -m state --state NEW -p tcp --dport 445 -j ACCEPT
 

Save and close the file. Restart iptables:
# service iptables restart


http://www.cyberciti.biz/faq/samba-restrict-access-to-ipc-share/


阅读更多
上一篇Samba常用配置及GUEST访问
下一篇关于openssl库的链接问题
想对作者说点什么? 我来说一句

没有更多推荐了,返回首页

关闭
关闭