Ubuntu Servers :: Secure Fileserver Over Internet - Opening Samba Ports Make Default Particularly Vulnerable To Penetration?
May 26, 2011
I'd like to set up a fileserver for myself and a few trusted individuals. I'm computer savvy and I use various linux servers frequently for work, but this is my first time trying to setup my own. Is it possible to have a Samba server setup so it is both secure and facing the Internet? Two questions:
Will opening Samba ports make my default Ubuntu server particularly vulnerable to penetration? More than having an SSH server running? Does Samba/ can Samba be configured to encrypt traffic or is it sent plainly? If so, does Windows and Mac support this secure communication?
If not, what would you suggest? I'd like to achieve something like a network drive and at a difficulty level that my parents could use this if they really wanted to. I will be storing things like financial information and tax returns, but no weapons-grade secrets.
View 9 Replies
ADVERTISEMENT
Jun 27, 2010
I recently upgraded my ubuntu samba fileserver to 10.04 along with increasing the size of my RAID 1 /home directory.I am using the same smb.conf file setup I have used on intrepid ibis setup and hardy heron setup before that.On my new setup, I can see the ubuntu server on my windows 7 machines, but I can't see the shares and can't access them.In checking the logs (/var/log/samba), one log continues to look for a printer share from one Windows machine that I have not set up on samba yet.
I have found a few people who have reported similar problems online, even a few who have filed bugs, but then they say "my computer started working suddenly. I don't know what happened." so they closed the bug. or "my computer started working after I rebooted my machine." I have rebooted all machines on the network. That doesn't fix it.
View 1 Replies
View Related
May 12, 2009
New fun from M$, we have started to test Win-7 on a few machines, and while it worked flawlessly in XP, Vista and Win-7 beta, logging on to the share (AD) from a Win-7 RC doesn't work.
View 1 Replies
View Related
Dec 15, 2010
"Ubuntu Server has no open ports by default" - [URL]. Does this mean right after a 10.04 Server Edition installation, if a user wants to start a web service e.g. a Java process to listen on say port 8080, he would have to configure the firewall first?
View 1 Replies
View Related
May 1, 2011
I just finished setting up a Natty box to act as my home router / home web server. I installed beta2 a few days before the final was out and updated all of the packages (also tried a dist-upgrade just in case ).
I performed the following setup:
- set up the webserver and sshd
- set up dhcp server and adressing
- set up rc.local to run rc.firewall with my filtering rules
- set the router live (rebooting it)
And that was basically it. Everything worked fine, except when I tried to open any of the sites that are hosted on the webserver from the outside world. It turned out that all of the ports on the external interface were blocked.
I decided to stop my firewall rules (flushing all rules) and then scan my box from the outside - still, all ports seemed to be filtered. I then decided to reboot the machine, disabling all mention of the rc.firewall script, but the ports were still filtered!
I then disabled apparmor and made sure ufw is disabled, but the ports are still filtered for the outside world. For the internal network they are not filtered.
Is there some other mechanism besides iptables rules that filteres packets?
View 2 Replies
View Related
Sep 10, 2010
I want to use my Thunderbird as default newsreader for rss feeds. When I click on the icon of the website, it tells me that another application is the default. There is an option to browse for another application that I can set as default.But where do I have to browse to find the Thunderbird program. I have to same problem with pdf -files. I want to use acrobat reader as default.
View 1 Replies
View Related
Dec 15, 2010
I've tried to set up a Hadoop cluster on a few freshly-installed 10.04 Server Edition machines and hit a problem. (I was able to set up the cluster using Desktop edition previously). The issue is that I can't connect to the service even though the Java process is running and listening on the port and there is no error in the logs. Anyway, I started to wonder if it was firewall issue so I googled it and found conflicting information.
1. "Ubuntu Server has no open ports by default" - [URL]
2. iptables shows different info. ufw is also disabled.
hadoopadmin@machine-1:~$ sudo iptables -L
[sudo] password for hadoopadmin:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
hadoopadmin@machine-1:~$ sudo ufw status verbose
Status: inactive
I even tried to enable ufw and did "sudo ufw default allow incoming" but still no help. The only package I manually selected during installation is OpenSSH server.
View 1 Replies
View Related
Nov 26, 2010
I can't browse my SAMBA shares because ports between 137 to 139 and 445 are closed, but I don't know why.
I even turn off iptables
Code:
But...
Code:
View 9 Replies
View Related
Sep 23, 2010
I've prepared a Samba fileserver at work without much too problems and I've prepared a batch file to mount it as z: letter on windows machine at startup.As a sad result the share gets filled with many viruses and became a vehicle of infection.
folder1 ----> folder2 and many other files and folders
folder1 has a condivision access read and write for everyone so I get no problems with passwords for all those who have access but i use ntfs security to do it read only (viruses act like if a pendrive is connected and mainly put infected files just in the "root" of it, in my case in folder 1) and then give everyone full control in folder2. I've been trying to understand how to do this but I'm quite new to linux and smb.conf really scared me. I've tried samba graphical tool which was a lot easier but I'm not able to achieve this kind of result: no need of user password for users to mount the share and no write possibilities in folder 1 and full control in folder 2.
View 7 Replies
View Related
May 19, 2011
My all production PC r running under ADC windows2008 server. Recently I implement a file server in CentOS 5. Now I want to integrate Samba (File sharing) using Active Directory so that all access permission to file server comes from AD's permission.
View 2 Replies
View Related
Jan 26, 2010
I have a computer on my LAN that I'm using as a file server for my photography work. What I'm wanting to do is allow my business partner be able to access the file server from his home over the internet. I'd also like to create a share folder on each of our computers so that we can each access and modify so we can sync our work easily without being in the same office.What would be the easiest way to do this and how exactly do you access another person's computer over the internet?
View 1 Replies
View Related
May 31, 2010
I have created a shared folder in my ubuntu. And checked allow guest user access. I can access this folder with my other ubuntu computer connected trough LAN.The question is if anyone have my IP address can he/she access to my shared folder?Are samba shared folders shared over internet too? If so, This will be a very dangerous security problem.
View 5 Replies
View Related
Sep 1, 2011
I have recently done a fresh install of Ubuntu 11.04 Server (64-bit). I selected Samba during installation, but a subsequent
Code:
# apt-get install
installed some additional packages. I have been using my actual smb.conf file as well as
[code]...
View 7 Replies
View Related
Feb 10, 2011
I am running an Ubuntu Server on a VirtualBox VM running on my windows machine. So I've created a self-signed certificate using the following tutorial: [URL]
From this tutorial I'm left with 3 files:
server.key
server.csr
server.crt
Then I found this very similar tutorial that has an extra bit on installing the certificates in apache: [URL] So I followed it's instructions which boil down to this:
[Code]...
So I'm thinking this should work now. However in Chrome I get: SSL connection error Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have. Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error. IE8 gives me a typical "Internet Explorer cannot display the webpage" Note that [URL] fails while [URL] works fine, so it's definitely something in my ssl setup I'm thinking.
View 5 Replies
View Related
May 17, 2010
I downloaded IPKungFu which is supposed to do this for me, except it did not according to a penetration site. configure IPKungFu perfectly. I did look at this site. IPKungFu easy iptables based server firewall - zarzax the blog I downloaded IPKungFu which is supposed to do this for me, except it did not according to a penetration site. Help me configure IPKungFu perfectly. I did look at this site. IPKungFu easy iptables based server firewall - zarzax the blog
Results
rv @rv-laptop:~$ sudo ipkungfu
Checking integrity: ..PASSED
Checking MD5 Hash of config files:OK
[code]....
View 2 Replies
View Related
Mar 16, 2011
i am taking another stab at this. The last time i attempted it, it seemed like everyone had a different way to do it, but nobody could give me an answer on how to do it...
I currently have a Domain Controller Running sme server and a domain controller, using ldap as a backend. I have two file servers runing ubuntu 10.04. My overall goal is to have it so when i create a username on the domain controller, it is then automatically copied over to the fileservers. This way everyone will have their own username and password to access the fileservers and ill be able to track what people do on the fileservers.
The next necessity is for me to be able to apply permissions to the folders on the fileserver based on the users that are created on the domain controller.
View 2 Replies
View Related
May 26, 2010
how I can set up something to automatically open port 119 at 10pm and close it again at 3am..
View 9 Replies
View Related
Aug 30, 2010
I am trying to open a tunnel for a friend of mine who's isp has blocked a bunch of webpages, so I was thinking I would learn how to since it might come in handy in the future Anyway, so I looked at a couple of videos about going in to network settings and changing the setting to manual and write down the desired IP (in my case 192.168.0.137). Then I went into my router (it's a D-link DI 524) and tried adding my static IP as the DMZ computer. I then restarted, everything looked fine, the router saved the settings and the eth0 still hade the information saved so I wanted to try it out. I just googled "try my ports" and I found a website called [URL]...But no ports worked for me.. I tried double checking everything, checking for errors. I couldn't find anything so I'm guessing you might have a clue!
EDIT: It seemed I had to have a program that actually used the port for it to work.. It's working anyway, so if you could move it to [SOLVED] I'd be happy
View 1 Replies
View Related
May 19, 2010
I am very new to Ubuntu (any Linux) evironment. And it has been a long long time since I have dealt with seting up servers. I have done alot of searching but haven't found exactly what I THINK I am looking for.
I want to create a file server (I have created my Ubuntu server cd) and add it to my home network (all windows pcs). I need to be able to access it when away from home ( I work away from home mostly). I will be accessing this with a Windows 7 laptop.
What do I need installed on the server? Samba for the file server part. What else for the remote access? I also would rather not access the data via FTP. I would like it to come up as a drive in my Windows Explorer. If not, I remember back in college (20 years ago) when I could open a little window (XWindow maybe) on the other server.
An issue I see that might not be an issue. I have a static IP from my ISP. It comes into my home via their modem. I attach to the modem with a router. All my laptops connect to it wireless and this server will be wired. How do I hit the server and not one of the laptops with only having the one IP address? Each of these plus my external harddrive and printer have their own internal IP address' that I have assigned.
View 3 Replies
View Related
Jun 20, 2010
How can I open a p[ort in slackware? I am "trying" to install and use Alfresco, a DMS that runs on linux platforms. So far that has been a nightmare........
Basically, according to their support tech, port 3306 is blocked. I dont really understand because I have MySQL DB server running and listening to 3306 on that machine and no problems at all... However, they recommended to try:
Code:
telnet localhost 3306
or
Code:
telnet <machinename> 3306
but it resulted in:
Code:
telnet connect to address 127.0.0.1: Connection refused
If I understand correctly , the Alfresco support is correct, 3306 is indeed blocked. But how come mysql is running fine then? How can I unblock this port? And finally, I need to specify that I dont have ANY type of firewall or anything like that because this machine is not connected to the web... So if I dont have a firewall , what is blocking the port?
View 3 Replies
View Related
Aug 27, 2010
I have searched the web for this answer and i can't find it. I'm using Shorewall for my company firewall and all is working well. But i need to tweak down a few problems that i have. Employees have internet connection over a proxy server (http and https traffic), but some do need to connect to other ports not through proxy but directly. I want to add a exception to the rules. For example i want to allow that a local ip can connect to a predefined ip on the net to a specific port. All my attempts have failed.
View 3 Replies
View Related
May 12, 2011
im working on a perl script to automate the setup on a few machines. Does any one know how to open ports using perl?
ps: The systems are redhat so id be editing the iptables file..
View 6 Replies
View Related
Jan 23, 2010
After a near miss with my 1.5TB, RAID5 file server, I have decided that I need to backup my data to an external hardrive periodically.I have been looking at rsync but the question I have is: Do I format the external hard drive in EXT3 (the sameas my fileserver) or NTFS?All my main machines are Windoze, but the file server is Ubuntu with a samba share.If my server ever went belly up, I would like to be able to access my data from the external hard drive. I guess if it's in EXT3 then windows would be clueless... I would either need to fix the server pronto or access it with a live CD or something.What would I lose if I used NTFS instead of EXT3? I think I would lose permissions and possibly ownerhsip information - are there any other issues?
View 3 Replies
View Related
Jun 28, 2010
I'm having some difficulty with a internet/vpn setup. I have 3 network adapters on the server. 1x is used to connect it to the rest of the network 1x is used to provide internet (squid,dansguardian) 1x is used to connect to the vpn router
My interfaces file looks like this:
Code:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
[Code]...
The problem that I have is this: When the gateway on eth2 is set to 10.0.2.2 the VPN works 100% but there is no internet. When the gateway on eth2 is set to 192.168.0.6 there is internet but no VPN.
So what I want to do is, route all traffic that is supposed to go to 10.0.2.0/24 and 10.0.3.0/24 to eth2 and all internet traffic to eth0.
View 6 Replies
View Related
Jan 5, 2011
how to make a Ubuntu 10.04 server VM look for an IPv4 address if it doesn't seem to by default?
View 3 Replies
View Related
Apr 24, 2010
I have a fairly clean install of Debian 5.04 on a G5 tower and am having some local network sharing problems. The machine linuxG5 has an address of 192.168.1.4 and when I am logged into that machine I get the following output
silver@linuxG5:~$ nmap localhost
Starting Nmap 4.62 ( http://nmap.org ) at 2010-04-24 10:19 EDT
Interesting ports on localhost (127.0.0.1):
Not shown: 1706 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
[Code]...
View 2 Replies
View Related
Nov 7, 2009
I have recently bought a IP/PABX system with one FXO and one FXS port. I intend to install this on a remote site with a public but dynamic IP (can be resolved via dyndns though) and make calls via clients that are NATTed (inside a home router). I would like to seek advice on the port opening and the recommended settings. I have been reading a lot on VOIP and I am getting feedback that SIP calls are difficult to establish on a NATTed environment.
1.) SIP port 5060 UDP?
2.) RTP ports - what range should I open for this? I see some use 10000-20000 UDP
3.) STUN server - Is this something that needs to be configured?
How can I ensure that the other party can hear the audio just like a regular telephone? Is it really impossible to do if the client is behind a router in which it is using a Private IP Address? What other network configurations needs to be done?
View 10 Replies
View Related
Apr 7, 2009
I'm just curious as to what security measure's I should be taking to make my box a little less vulnerable? I'm still experimenting/playing with Linux, use the net, IM, download this and that and was wondering how secure fedora 10 was out of the box?
View 12 Replies
View Related
Feb 4, 2010
Does Ubuntu come with a firewall preinstalled and running? I need to open port 9997 - how would I got about doing this?
View 2 Replies
View Related
Feb 5, 2010
What do the default file permissions in ubuntu 9.10 protect/deny access to?
View 9 Replies
View Related
