메뉴 건너뛰기

?

단축키

Prev이전 문서

Next다음 문서

크게 작게 위로 아래로 댓글로 가기 인쇄
?

단축키

Prev이전 문서

Next다음 문서

크게 작게 위로 아래로 댓글로 가기 인쇄

 pdbedit -L




How to configure Samba to use SMBv2 and disable SMBv1 on Linux or Unix

last updated in Categories , , , , , , ,

I am a new Linux user and for security reasons and to avoid ransomware, I would like to disable the SMB1 protocol in samba configuration on a CentOS Linux version 7 server. Is it possible to disable SMBv1 on a Linux or UNIX-like operating system?

Introduction: WannaCrypt/WannaCry targets the Microsoft Windows operating system. The attack spreads by phishing emails but also uses the EternalBlue exploit and DoublePulsar backdoor developed by the U.S. National Security Agency (NSA). If you are using older and unsupported operating systems such as Windows XP and Windows Server 2003, you will get infected. All of your files will be encrypted. To get back your files, you need to pay ransom payments in the cryptocurrency Bitcoin. Microsoft has released software updates for Windows XP and Windows Server 2003. You must apply those patches ASAP on Windows operating systems. In short Linux/Unix users are not affected by this attack. However, you must disable SMBv1 on Samba server running on Linux or Unix-like system.

Configure Samba to use SMBv2 and disable SMBv1 on Linux or Unix

Let us see how to disable SMBv1 on a Linux or Unix like systems.

Disable SMBv1 on Linux or Unix when using Samba

Samba is an open-source implementation of the SMB or CIFS protocol, which allows PC-compatible machines (especially Windows oese) to share files, printers, and other information with Linux and vice-versa.

Configuration to enable SMBv2

Edit smb.conf file, run:
$ sudo vi /etc/samba/smb.conf
Find the [global] section and append the following line:
min protocol = SMB2
Here is my updated file:

Configure Samba to use SMBv2 and disable SMBv1 on Linux or Unix
Fig.01: How to force SMB2 protocol in samba on Linux or Unix


The following seems to work with Windows 10/Linux clients too as noted by many in the comments section below:
protocol = SMB2
For samba version 4.x, you can set
protocol = SMB3
Save and close the file.

Understanding min and max protocol levels in smb.conf

  1. client min protocol – This setting controls the minimum protocol version that the client will attempt to use.
  2. client max protocol – The value of the parameter (a string) is the highest protocol level that will be supported by the client.
  3. SMB2: Re-implementation of the SMB protocol. Used by Windows Vista and later versions of Windows. SMB2 has sub protocols available:
    • SMB2_02: The earliest SMB2 version.
    • SMB2_10: Windows 7 SMB2 version. (By default SMB2 selects the SMB2_10 variant.)
    • SMB2_22: Early Windows 8 SMB2 version.
    • SMB2_24: Windows 8 beta SMB2 version.
  4. SMB3: The same as SMB2. Used by Windows 8. SMB3 has sub protocols available. SMB3 has sub protocols available:
    • SMB3_00: Windows 8 SMB3 version. (mostly the same as SMB2_24)
    • SMB3_02: Windows 8.1 SMB3 version.
    • SMB3_10: early Windows 10 technical preview SMB3 version.
    • SMB3_11: Windows 10 technical preview SMB3 version (maybe final). By default SMB3 selects the SMB3_11 variant.

Hence setting the following gives best option:

 
   client min protocol = SMB2
   client max protocol = SMB3

See smb.conf here for more information.

Restart the samba server

Run the following command on CentOS 7/RHEL 7/Fedora Linux:
$ sudo systemctl restart smb.service
Run the following command on Debian 8.x/Ubuntu 16.04 LTS Linux:
$ sudo systemctl restart smbd.service

NOTE: Please note that Samba version 4.11 removes SMB1 protocol version by default. However, on an older Linux and Unix distro you need to disable it manually to avoid security issues.

Conclusion

And there you have it, SMBv1 disabled on a Linux or Unix samba server to avoid security issues. Please read our comment section below for detailed discussion.


List of Articles
번호 분류 제목 글쓴이 날짜 조회 수
» Linux 삼바 서버 버젼 제한 - How to configure Samba to use SMBv2 and disable SMBv1 on Linux or Unix 맨하탄노숙자 2019.07.29 9
133 Windows Windows 7 부터 윈도우 서버 , 윈도우 서버 2019 Windows Server 2019 시디키 맨하탄노숙자 2019.07.12 14
132 Linux RHEL/CentOS 6 을 7 으로 업그레이드 하기 맨하탄노숙자 2019.07.06 17
131 Linux CentOS 7 network prefix 맨하탄노숙자 2019.03.27 81
130 Linux FIO Benchmark 맨하탄노숙자 2019.02.26 82
129 Linux 리눅스에서 하드디스크 이미지 저장 맨하탄노숙자 2018.12.29 85
128 Windows Ghost Solution Suite - Ghost 11.5.1 맨하탄노숙자 2018.10.03 805
127 Linux nmtui 맨하탄노숙자 2017.11.21 164
126 Linux xfs repair 맨하탄노숙자 2017.10.14 220
125 Linux RHEL7(CentOS7) 의 grub2 사용 해 보기 맨하탄노숙자 2017.07.26 341
124 Linux VMware ESXi SSD on RAID showing as non-ssd 맨하탄노숙자 2017.05.09 171
123 Windows Windows XP 의 윈도우에서 Visual Studio .net (2003) 설치시 옵션 맨하탄노숙자 2017.01.02 259
122 Windows 윈 10 인증 크랙 secret 맨하탄노숙자 2016.05.01 8
121 Windows 윈도우10 정품인증을 확실하게 받을 수 있는 방법입니다 맨하탄노숙자 2016.05.01 3943
120 Linux CentOS 7 CPU 퍼포먼스가 100% 안나올때 맨하탄노숙자 2016.03.25 617
119 Linux ## 아파치 설치용으로 CSR을 생성하고, 발급받은 VeriSign(베리사인) SSL 인증서를 Tomcat 8 에 적용 맨하탄노숙자 2016.03.22 1667
118 Linux mysql old_password 설정 맨하탄노숙자 2016.03.22 361
117 Windows 윈도우7 원격데스크톱 2인 이상 동시 접속 (다중 사용자 모드) 설정 방법 file 맨하탄노숙자 2016.03.21 880
116 Linux rsync 맨하탄노숙자 2016.03.21 259
115 Linux Rsync 특정 기간(일정 기간) 이상 지난 컨텐츠 복사 (730일, 365일, 1주일) 맨하탄노숙자 2016.03.10 378
Board Pagination Prev 1 2 3 4 5 6 7 Next
/ 7