Hi, My name is Joseph Villa, I'm new to the message boards and I'm also new to Samba. I just got an e-mail back on our Nessus scans.. Here are the 2 that are relivant.. 1.) The remote host has accessible LOGS$ share. ScriptLogic creates this share to store the logs, but does not properly set the permissions on it. As a result, anyone can use it to read the remote logs. Solution: Limit access to this share to the backup account and the Domain Administrator. 2.) Backup share can be accessed without authentication. The remote host has an accessible ARCSERVE$ share. Several versions of ARCserve store the backup agent username and password in cleartext in this share., An attacker may use this flaw to obtain the password file of the remote backup agent and use it to gain privilages on the host. Solution is to limit the access to this share to backup account and domain administrator. Both of these are off of our Sun server running Solaris 10 as the OS. I'm thinking both directories are being shared via Samba. Although there is much I don't know about this system. Has anyone out there run into the same issue? Thanks, Joseph P Villa, IT Services USGS Mounds View, MN
On Wed, May 28, 2008 at 12:58:12PM -0400, Joseph P Villa wrote:> Hi, > > My name is Joseph Villa, I'm new to the message boards and I'm also new to > Samba. I just got an e-mail back on our Nessus scans.. Here are the 2 that > are relivant.. > > 1.) The remote host has accessible LOGS$ share. > > ScriptLogic creates this share to store the logs, but does not properly > set the permissions on it. As a result, anyone > can use it to read the remote logs. > > Solution: Limit access to this share to the backup account and the Domain > Administrator. > > > > > 2.) Backup share can be accessed without authentication. > > The remote host has an accessible ARCSERVE$ share. > > Several versions of ARCserve store the backup agent username and password > in cleartext in this share., > An attacker may use this flaw to obtain the password file of the remote > backup agent and use it to gain privilages on the host. > > Solution is to limit the access to this share to backup account and domain > administrator. > > > > Both of these are off of our Sun server running Solaris 10 as the OS. I'm > thinking both directories are being shared via Samba. Although > there is much I don't know about this system. Has anyone out there run > into the same issue?Post your smb.conf so we can see what shares you have defiend. Jeremy.