Linux Lite 4.4 Final has been released. See the Release Announcements section for more information.



[ SECURITY ] Samba [SOLVED]


Samba [SOLVED]
« on: April 22, 2017, 08:04:34 PM »
 

bitsnpcs

Hello,

this week there were quite a few updates for Samba.

I noticed tonight when checking UFW, there were Samba rules that bypass the default Deny incoming, by having an "allow connections from ANYWHERE" in capitals like this from a range of ports.

Ufw would not allow editing of this rule, saying Ufw had made the rule.

I removed these rules, rebooted, and checked again whether they had been enabled on startup. They are currently not enabled; I will keep an eye on it.

I would suggest everyone checks their current ufw status to ensure it is not allowing access from anywhere to their system since these updates from Ubuntu.
Last Edit: April 25, 2017, 01:05:37 AM by bitsnpcs
 


Re: Samba [SOLVED]
« Reply #1 on: April 23, 2017, 04:36:38 AM »
 

newtusmaximus

Thank you. Please advise where I can find the procedure for checking this?



UPDATE
Have installed latest updates just now.

menu/settings/Firewall configuration     Status On    DENY Incoming     ALLOW outgoing    RULES -  BLANK

Therefore presume my pc has not been vulnerable? as no rules evident

Is that a correct assumption??
Last Edit: April 23, 2017, 10:52:48 AM by newtusmaximus
2006 - HP DC7700p ultraslim Desktop Intel 6300 cpu  4GB Ram LL3.6 64bit.
2007 - Fujitsu Siemens V3405 Laptop  2 GB Ram LL3.6 32bit. Now 32bit Debian 9.
2006 - Fujitsu Siemens Si1520 Laptop Intel T720 cpu 3GB Ram LL4.4 64bit
2003 - RETIRED Toshiba Satellite Pro A10 1 GB RAM LL2.8 32bit
 

Re: Samba [SOLVED]
« Reply #2 on: April 23, 2017, 11:24:04 AM »
 

bitsnpcs

I noticed it first when checking this way in terminal

Code:
sudo ufw status verbose

You can find more details of it at https://help.ubuntu.com/community/UFW

I then checked graphically  Menu>Settings>Firewall Configuration
entered password.
In the GUI clicked the tab "Rules" and saw the two rules that had been added.
I used the Minus symbol at the base of GUI to remove them.

I also went back to terminal for help on those before deleting rules, there were 6 active connections, 4 dropped whilst I was checking it, 2 remained until after the rules were deleted and until I restarted the computer. I have seen no connections in checks since.

I am unsure if it is related to those connections/rules, or whether it is currently being upgraded, or whether it was attacked, but the help manual in the main menu does not work now, when clicked it now opens and displays as a text document file on the desktop, showing the html and css.

I will look around the computer tonight and see if I can find any other changes.
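
The check described in this thread, as an added example that is not part of any forum post: a shell function that reads `ufw status` output and lists inbound rules open to Anywhere, tagging those that cover Samba. The function names, the sample output and the use of the standard Samba ports (137,138/udp and 139,445/tcp) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the forum posts): flag ufw rules that accept
# inbound traffic from any source, and tag the ones that cover Samba.

# Constructed sample of `sudo ufw status verbose` output, for offline use.
sample_status() {
cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
137,138/udp                ALLOW IN    Anywhere
139,445/tcp                ALLOW IN    Anywhere
22/tcp                     ALLOW IN    192.168.1.0/24
8080/tcp                   ALLOW IN    Anywhere
137,138/udp (v6)           ALLOW IN    Anywhere (v6)
EOF
}

# Reads ufw status text on stdin. Prints "<TAG><tab><To column>" for every
# inbound ALLOW/LIMIT rule whose source is Anywhere. TAG is SAMBA when the
# rule names the Samba app profile or a standard Samba port (assumed here:
# 137, 138, 139, 445), otherwise OTHER.
audit_ufw() {
    awk '
    match($0, / (ALLOW|LIMIT)( IN)? +Anywhere/) {
        to = substr($0, 1, RSTART - 1)
        sub(/ +$/, "", to)
        tag = "OTHER"
        # Pad with delimiters so a port only matches as a whole number.
        if (to ~ "^Samba" || ("," to " ") ~ "[,:](137|138|139|445)[,:/ ]")
            tag = "SAMBA"
        print tag "\t" to
    }'
}

# Succeeds (exit 0) when at least one Samba rule is open to Anywhere.
samba_exposed() {
    audit_ufw | grep -q '^SAMBA'
}

# Demo on the constructed sample; on a real system use:
#   sudo ufw status verbose | audit_ufw
sample_status | audit_ufw
```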
 

Re: Samba [SOLVED]
« Reply #3 on: April 23, 2017, 11:38:58 AM »
 

bitsnpcs

Quote from: newtusmaximus
Thank you. Please advise where I can find the procedure for checking this?

UPDATE
Have installed latest updates just now.

menu/settings/Firewall configuration     Status On    DENY Incoming     ALLOW outgoing    RULES -  BLANK

Therefore presume my pc has not been vulnerable? as no rules evident

Is that a correct assumption??
End of quote.

Yes this sounds good, it is how it should look. :)

Keep in mind I check for updates several times per session, first thing after startup, before shutdown, and during the session etc.
Does your help manual in the main menu work currently ?
 

Re: Samba [SOLVED]
« Reply #4 on: April 23, 2017, 11:42:27 AM »
 

paul1149

Good catch, bitsnpcs. My ufw was in the same open state, whereas before (with LL 3.2, I didn't check after the 3.4 upgrade) I only allowed access from the LAN here.
 

Re: Samba [SOLVED]
« Reply #5 on: April 23, 2017, 12:14:22 PM »
 

bitsnpcs

Hello paul1149,

I am glad it was helpful. :)
 

Re: Samba [SOLVED]
« Reply #6 on: April 23, 2017, 02:09:43 PM »
 

newtusmaximus

bitsnpcs,

HP dc7700p LL3.4 64bit

A) SAMBA Help seems to be working OK, also all links correct via menu/setting/ Config. Firewall

Terminal

-HP-Compaq-dc7700p-Ultra-slim-Desktop:~$  sudo ufw status verbose
[sudo] password for lHP-Compaq:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
HP-Compaq-dc7700p-Ultra-slim-Desktop:~$

Not sure what the significance of "New profiles - Skip"

Assuming my pc not affected, then why yours and others?? I am updating regularly as notified.
Last Edit: April 23, 2017, 02:22:45 PM by newtusmaximus
 

Re: Samba [SOLVED]
« Reply #7 on: April 23, 2017, 03:09:20 PM »
 

Ottawagrant

In UFW I don't have any added rules in either x32 or x64 copies of Linux Lite 3.6. Both my 32 & 64bit LL's are fresh installs. Even though you can upgrade I usually do a fresh install. Only because I have the time & for no other reason. Using my HP Compaq 7900's right now. This is an interesting one.
 

Re: Samba [SOLVED]
« Reply #8 on: April 23, 2017, 04:39:38 PM »
 

newtusmaximus

Just checked the two family laptops after updates. Neither show any additional scripts. The V3405 route was fresh install of 3.2 32 bit eventually upgraded to 3.4 32 bit. The Si1520 was a fresh install of 3.4 64bit.
 

Re: Samba [SOLVED]
« Reply #9 on: April 23, 2017, 10:48:45 PM »
 

bitsnpcs

Hello newtusmaximus,

in the

Code:
man ufw

under the "Application Integration" section it says the new profiles skip. My understanding (which may be wrong) is that -
1/ you can add rules to allow the applications to pass the firewall.
2/ without adding the specific rule to allow an application, "ufw allow <app name>", the default is to skip the process of adding new rules for applications.

I think it means, for example, if a rogue app decided to add its own rules to bypass the firewall, it wouldn't allow this, as the sudo user has not entered the rule specifying the app/software by name in terminal?

I don't know why it has happened to mine and others, yet not yours, but it's good it didn't happen :)


Hello Ottawagrant,

Good to read you have not had the rules added  :)

I also have not added any rules, there were only the default rules until these appeared.
I have done both ways, upgrading in the 2.n series. A clean install in 3 series, as I had first installed quite soon before the next version.

In the Install Updates last week there was almost a full GUI of Samba updates from Ubuntu repo, I think 1 or 2 lines short of a full window.
If it was something that came down in the Ubuntu repo updates would this have gone out to every distro based on Ubuntu?
 

Re: Samba [SOLVED]
« Reply #10 on: April 24, 2017, 04:17:06 AM »
 

newtusmaximus

All this is way beyond my abilities/understanding.
A)  Could it be that the ppa from which those that are affected get their updates is different to those who are not affected??
B) Once scripts under the Rules have been removed, do they reappear after a later update?? or before an update??
C) If before a later update, what is the cause - malware / virus already penetrated the system??

 

Re: Samba [SOLVED]
« Reply #11 on: April 24, 2017, 02:31:52 PM »
 

bitsnpcs

Hello newtusmaximus,

A/ I use the default repositories.
B/ I removed the rules and have updated 2 times and the rules have not been re-added in these future updates.
C/ I don't think it is a virus or malware because -
a/ I have not executed any files other than updates from the Ubuntu repository, and LL repository, or those I created myself, eg Python files made as exercises in the book.
b/ I don't think it is from a website as on this computer I only visit, this forum, OMG Blog, my own blog, Google Blogger/G+, Raspberry Pi blog, and YouTube, OSMC forums a few weeks ago.
c/ only 1 of my email accounts is set up on this computer, example ProtonMail I use only on their site or via the Android app.
Only 2 sources of email arrive to this email address, notifications from this forum, and weekly update notifications from OSMC forum. Neither of these contained any attachments, both are read as plain text only.
I did not receive spam.

There are no personal photos on this computer, no webcam connected, no money stuff eg; I don't have any cards, online banks, or Paypal, they cannot get credit in my name for a few years yet as I am not old enough for that.
There is x1 mp3 music mix I made when first using linux, x2 desktop screenshots, x273 of my blog files that have all already been published online and are free, x13 Python files I made during the exercises in the Python book so far, x1 directory with 2 subdirectories I made as part of the exercises in the Command Line book so far, x54 pdfs from Raspberry Pi foundation that are available free online.
There is no networking of computers.
No idea why Samba is even installed, as none of the 3 reasons given on Ubuntu for what it is used for are ever used on this computer.

I have no idea if the system was penetrated, but it is likely it was, as the help manual was tampered with and is broken which doesn't occur on its own. Maybe other stuff, I am to be checking more later when I get back, I go out now etc.
 

Re: Samba [SOLVED]
« Reply #12 on: April 24, 2017, 07:58:28 PM »
 

bitsnpcs




has the last week Manual updates added the rules to use Samba in UFW and it is why deleting them is why the manual is broken ?
Last Edit: April 24, 2017, 08:02:06 PM by bitsnpcs
 

Re: Samba [SOLVED]
« Reply #13 on: April 24, 2017, 10:22:34 PM »
 

ralphy

  • Linux Lite Developer

Quote from: bitsnpcs
has the last week Manual updates added the rules to use Samba in UFW and it is why deleting them is why the manual is broken ?
End of quote.

Hi @bitsnpcs

The manual is not broken as far as we can tell. Your screenshot shows http protocol ports 80 and 443 - nothing wrong with that in the javascript.

Samba Firewall rules are automatically added to the firewall as soon as Network Share Settings is launched (after authentication). That has been done to simplify user's sharing setup. It happens that the firewall not allowing samba traffic is a common issue for most new users to believe that something is wrong with their samba service or configuration. At the end, the determination was made to add firewall rules automatically to allow samba traffic. Samba is enabled by default in Linux Lite. We do not consider it a security risk since the default smb configuration does not provide any open or guest accessible shares by default. Also, most desktop computers are likely running behind a firewall'd local area network (LAN); even connecting straight to a gateway will put users behind a NAT and some firewall in almost every case and when it doesn't, Linux Lite firewall is still there only allowing samba traffic with no default shares accessible anyways.

Hope that explains the mystery regarding Samba rules.

Cheers!
https://unlockforus.com

Sorry for seeming stupid and preferring Linux - I just don't know any better.

 

Re: Samba [SOLVED]
« Reply #14 on: April 25, 2017, 01:03:41 AM »
 

bitsnpcs

Hello Ralphy,

thank you for your time trying to explain it to me.
I will mark it as solved although I don't understand what you wrote.

When Menu>favourites>Help Manual  is clicked, it does not open the manual only the html file and looks as per the screenshot.
I can use it online instead.
This began when I disabled the backdoor.
 

