S 4.335 Secure operation of a Samba server

Initiation responsibility: IT Security Officer, Head of IT

Implementation responsibility: Administrator

It is not enough just to specify a secure initial configuration in order to maintain the security of a Samba server while it is in operation. Instead, a series of safeguards must be implemented regularly to enable prompt detection of any possible problems. The following aspects should be taken into consideration in particular when operating a Samba server:

• Changes to the configuration must be documented carefully so that it is possible at any time to determine who made which changes and for what reasons. It is recommended to use a revision control program (such as git, mercurial or RCS, for example) to record all changes to the configuration files. This makes it possible to restore the configuration to a previous version of the configuration at any time and ensures it is possible to determine who made which changes and for what reasons.
• After every change to the file smb.conf, it is necessary to check if the syntax of the configuration file is correct using the testparm program. Syntax errors in the configuration file could otherwise prevent any restart of the server or could open up security gaps.
• The access authorisations of the Samba shares should be checked regularly (see S 4.332 Secure configuration of the access controls for a Samba server). This should be performed especially after updating the software or making changes to the configuration. Checksums should be generated for the files of the server itself (for example for the smbd server program or the smb.conf configuration file) and then checked regularly.
• The administrators must promptly obtain information on any current security gaps in the software used (see also S 2.35 Obtaining information on security weaknesses of the system). Information on recently discovered security gaps is always published by the Samba team in the samba-announce mailing list (http://lists.samba.org/archive/samba-announce/). An overview of all security-relevant patches published to date is also maintained at http://www.samba.org/samba/security/
• The safeguards described in S 2.64 Checking the log files must also be implemented in connection with Samba. In general, the nmbd, smbd, and winbind applications all store their logged data in the /var/log/samba/ directory.
• Secure operation also includes regularly performing safeguards for backing up the data and for contingency planning (see S 6.135 Regular backup of important system components of a Samba server).

Review questions:

• Are changes to the configuration documented carefully so that it is possible to determine who made which changes and for what reasons at any time?
• Is the testparm program used after every change to the configuration file smb.conf to check if its syntax is still correct?
• Are the access authorisations in effect for the shares of the Samba server checked regularly?
• Do the administrators regularly obtain information on new security gaps that have been discovered in Samba?
• Are the log files of the Samba server checked regularly?
• Are safeguards for backing up the data and for contingency planning performed regularly?