S 4.330 Secure installation of a Samba server
Initiation responsibility: Head of IT, IT Security Officer
Implementation responsibility: Administrator
Various aspects which have a direct influence on security must be taken into consideration when installing a Samba server.
The installation and configuration of the operating system the Samba service will run on must take numerous security aspects into consideration. The corresponding IT-Grundschutz modules must be implemented for this. Furthermore, safeguard S 4.331 Secure configuration of the operating system of a Samba server provides information on which further steps must be taken on the server running the Samba service.
One important aspect to note during the installation of the Samba service is the integrity of the software to be installed (see S 4.327 Verification of the integrity and authenticity of the Samba packages and sources).
The documentation supplied with the Samba service is very detailed and describes the steps that need to be taken for an installation in detail. The IT-Grundschutz safeguard is not a replacement for the documentation supplied with the product and only points out certain items needing special attention. They are based on the installation of a Samba server from the compiled source code. The installation of binary packages from operating system manufacturers or distributors may differ.
Compilation and installation from the source code
After the integrity and authenticity of the source code package have been checked based on the Pretty Good Privacy (PGP) signature, the package should be unpacked under an unprivileged user account, configured (with the help of the "configure" script), and then compiled ("make" program). Only the last step, the actual installation of the compiled program ("make install"), may require a user account with higher privileges. If the unprivileged user account has write privileges for all destination directories of the installation, even this last step can be performed without "root" authorisations. The uncontrolled installation of Samba using "make install" in the root file system of the server is not recommended. Otherwise, it may only be possible under some circumstances to completely uninstall the Samba service after performing numerous tasks manually. Consideration can be given to using tools such as "checkinstall" for the last step of the installation (the "make install" call). The "checkinstall" tool is a program that automatically generates packages for various package management systems from the compiled source code packages (for example the RPM Package Manager (RPM) or Debian). The packages created can then be installed using the package management systems of the operating system used and can be completely uninstalled if necessary. If administrators already have some experience with the structure of the packages used by their package management system, they are recommended to create their own packages for the Samba version used.
If the Samba server is compiled from the source code, the parameters selected must be documented exactly. It is important to be able to trace and reproduce the compilation operation performed at any time based on this documentation. It is also recommended to create a log of the data output during the configuration and compilation procedures (for example by redirecting this output to a file) and store this log somewhere safe.
All steps taken during the installation should be documented so that the configuration can be reproduced quickly in an emergency. This includes the installation paths, authorisations, changes to the configuration file smb.conf, and other such information in addition to the settings used for compilation.
In general, the Samba server should be started from the startup scripts of the operating system. This way, the Samba server is also directly available after server restart.
Review questions:
- Has the integrity of the software been checked before installation?
- Have the installation and configuration been documented adequately?
- Was the source code package unpacked, configured, and compiled using an unprivileged user account?
- Has Samba been installed in a controlled manner in the root file system of the server?
- Have the parameters used when starting the compilation procedure been documented?
- Has a log of the output of the configuration and compilation procedures been generated?