T 2.144 Inadequate contingency planning for a Samba server
Errors and mistakes during contingency planning can disrupt Samba operation or lead to extended downtimes. In addition to the common mistakes frequently made in the context of contingency planning, there are specific mistakes on a Samba server that make a fast reaction to security incidents very difficult or even impossible. Some of these mistakes are described in the following:
- If the Samba server needs to be reinstalled after an emergency (after an attack by hackers, for example), then the installation packages (source code packages or binary packages) used for the original installation are needed. Significant delays can arise if these packages are no longer available, for example because they were stored only on the compromised system itself. In this case, it is also possible that the installation packages were manipulated. Reinstalling the Samba server from manipulated packages could lead to even greater security problems.
- If the compile-time and/or installation options of the Samba server are unknown, then it can be very difficult to restore an installation offering the same functionality. If this installation cannot be restored, then Samba might not be able to provide optional functions that are important for the operation of the information system.
- When recovering the system after an emergency, it may be desirable to restore the system using an older configuration. If the versions of the configuration files (especially the smb.conf file) are not managed, then this may be difficult or even impossible.
- If no documentation of the configuration is available, or the available documentation is inadequate, then it may be very difficult to restore a functioning configuration at all after an emergency. Poor or inadequate documentation can also mean that configuration errors remain unnoticed at first, which can then make extensive troubleshooting necessary when problems occur.
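The last three points (unknown build options, unmanaged smb.conf versions, manipulated installation packages) can be addressed by recording the recoverable state of the server in a manifest that is stored off-host. The following is an added example, not part of the BSI catalogue text: it normalises a smb.conf (Samba ignores case and whitespace in parameter names), digests the build-option text (as `smbd -b` prints it) and the installation packages, and reports what differs from a stored baseline. All sample inputs are constructed.

```python
import hashlib
import re

# Constructed sample data: a minimal smb.conf, placeholder text for the
# output of `smbd -b`, and the bytes of an installation package.
SAMPLE_SMB_CONF = """
[global]
   workgroup = EXAMPLE
   server role = standalone server
   ; comment lines and indentation are cosmetic and must not count as drift
[data]
   path = /srv/samba/data
   read only = yes
"""
SAMPLE_BUILD_OPTIONS = "Paths:\n   CONFIGFILE: /etc/samba/smb.conf\n"  # constructed
SAMPLE_PACKAGES = {"samba-source.tar.gz": b"constructed package contents"}

def normalise_smb_conf(text):
    """Parse smb.conf into {section: {name: value}}; comments are dropped and
    parameter names are lower-cased with whitespace removed, as Samba treats them.
    The order of include/copy directives is not preserved by this representation."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            current = m.group(1).strip().lower()
            sections.setdefault(current, {})
        elif current is not None and "=" in line:
            name, value = line.split("=", 1)
            sections[current][re.sub(r"\s+", "", name).lower()] = value.strip()
    return sections

def build_manifest(smb_conf, build_options, packages):
    """Manifest to keep off-host: normalised config plus digests of build options and packages."""
    return {
        "smb_conf": normalise_smb_conf(smb_conf),
        "build_options_sha256": hashlib.sha256(build_options.encode()).hexdigest(),
        "packages": {n: hashlib.sha256(b).hexdigest() for n, b in packages.items()},
    }

def compare_manifests(baseline, current):
    """Return findings relative to the stored baseline; an empty list means no drift."""
    findings = []
    for name, digest in baseline["packages"].items():
        if current["packages"].get(name) != digest:
            findings.append(f"package {name}: checksum mismatch or missing")
    if baseline["build_options_sha256"] != current["build_options_sha256"]:
        findings.append("build options differ from recorded baseline")
    old_conf, new_conf = baseline["smb_conf"], current["smb_conf"]
    for section in sorted(set(old_conf) | set(new_conf)):
        old, new = old_conf.get(section, {}), new_conf.get(section, {})
        for name in sorted(set(old) | set(new)):
            if old.get(name) != new.get(name):
                findings.append(f"[{section}] {name}: {old.get(name)!r} -> {new.get(name)!r}")
    return findings
```

In practice the baseline manifest is generated from the real `smb.conf`, the real `smbd -b` output and the package files, committed to a repository that does not live on the Samba host, and re-checked before any reinstallation.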