SlideShare ist ein Scribd-Unternehmen logo

Athenticated smaba server config with open vpn

Chanaka Lasantha
Chanaka Lasantha

Tested

Technologie
1 von 9
Downloaden Sie, um offline zu lesen
Authenticated Samba Server Config with Open VPN Chanaka.lasantha@gmail.com Designed , Doumented and Tested by Chanaka Lasantha Nanayakkara Wawage Most Important Settings Date: date -s "9 AUG 2013 11:32:08" Add repository EPEL that is provided from Fedora project. rpm –Uvh http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
Installing Samba Server and cups-libs is for printer # yum install -y samba samba-commons cups-libs xinetd portmap # setup Select System service from list You have to tick the following boxes if not already selected, [*]portmap [*]xinetd [*]smb Create a directory which you would like to share mkdir /sharedrepo Add a new group or you can use existing group to provide access on shared directory, Here I am adding new group called staff groupadd staff Change the group and permission of sharing folder chgrp -R staff /sharedrepo chmod -R 777 /sharedrepo Explanation of behavior of chmod syntax’s The chmod numeric format accepts up to four octal digits. The rightmost three refer to permissions for the file owner, the group and other users. The next digit (fourth from the right) specifies special setuid, setgid and sticky flags. Numerical permissions: # Permission rwx 7 6 Full Read and Write 111 110
5 4 3 2 1 0 Read and Execute Read Only Write and Execute Write Only Execute Only None 101 100 011 010 001 000 rwx = Read, Write, Execute Further Explanation :  Read = read a file or list a directory's contents  Write = write to a file or directory  Execute = execute a file or recurse a directory tree Sample : chmod -R 777 /sharedrepo has a full permission for Read, Write and Execute. create user and add them in group called staff. And set the samba password for this user useradd test usermod -G staff test smbpasswd -a test Take backup of /etc/samba/smb.conf file then edit the smb.conf file. And add the given parameter in last line of /etc/samba/smb.conf file cd /etc/samba/ cp -p smb.conf smb.conf.orig vim /etc/samba/smb.conf [sharedrepo] comment = shared-directory path = /sharedrepo public = no valid users = test, @staff writable = yes browseable = yes create mask = 0765
Edit these lines in /etc/samba/smb.conf . To allow network to reach samba server Change the value of 192.168.2.0/24 with your subnet. And change the ethernet value which is in used by your system and which you want to allow for traffic. In second line ,192.168.2. is for subnet .Same rule applied to 127. which is for loopback. interfaces = lo eth0 192.168.2.0/24 hosts allow = 127. 192.168.2. Mainly for windows users,if your all PC in your network are using different WORKGROUP name edit the given below line in smb.conf with your workgroup name. Windows system bydefault uses the WORKGROUP as WORKGROUP. Try first without changing the WORKGROUP name,if required do the change. workgroup = WORKGROUP Add services in /etc/services files vim /etc/services netbios-ns 137/tcp # netbios name service netbios-ns 137/udp # netbios name service netbios-dgm 138/tcp # netbios datagram service netbios-dgm 138/udp # netbios datagram service netbios-ssn 139/udp # netbios session service netbios-ssn 139/udp # netbios session service Enable IP Forwarding (Highly Important!) If you want your OpenVPN clients to be able to access the network, in addition to the push routes statements above you will need to setup ip forwarding for the tunnel interface and change the 0 to a 1. vim /etc/sysctl.conf # ------ Edit the following line changing the 0 to a 1 ----- net.ipv4.ip_forward = 1
Save and close the file. Reload the changes by typing the following command: Or echo 1 > /proc/sys/net/ipv4/ip_forward sysctl -p Add iptables rule in samba server for port no. 137,138.139 and 445. service iptables start iptables –-flush iptables --table nat -–flush iptables --delete-chain service iptables save service iptables restart service network restart iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT DROP iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEP iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 2 -j ACCEPT iptables -A INPUT -p icmp -j ACCEPT iptables -A OUTPUT -p icmp -j ACCEPT iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -m state --state INVALID -j DROP iptables -A OUTPUT -m state --state INVALID -j DROP iptables -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP iptables -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP iptables -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP iptables -N SYN_FLOOD iptables -A INPUT -p tcp --syn -j SYN_FLOOD iptables -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN iptables -A SYN_FLOOD -j DROP iptables -A INPUT -p icmp -m icmp --icmp-type address-mask-request -j DROP iptables -A INPUT -p icmp -m icmp --icmp-type timestamp-request -j DROP iptables -A INPUT -p icmp -m icmp -m limit --limit 1/second -j ACCEPT iptables -A INPUT -p tcp -m tcp --tcp-flags RST RST -m limit --limit 2/second --limit-burst 2 -j ACCEPT iptables -A INPUT -m recent --name portscan --rcheck --seconds 86400 -j DROP iptables -A FORWARD -m recent --name portscan --rcheck --seconds 86400 -j DROP iptables -A INPUT -m recent --name portscan --remove iptables -A FORWARD -m recent --name portscan –remove
iptables -A INPUT -s 0.0.0.0/7 -j DROP iptables -A INPUT -s 2.0.0.0/8 -j DROP iptables -A INPUT -s 5.0.0.0/8 -j DROP iptables -A INPUT -s 7.0.0.0/8 -j DROP iptables -A INPUT -s 10.0.0.0/8 -j DROP iptables -A INPUT -s 23.0.0.0/8 -j DROP iptables -A INPUT -s 27.0.0.0/8 -j DROP iptables -A INPUT -s 31.0.0.0/8 -j DROP iptables -A INPUT -s 36.0.0.0/7 -j DROP iptables -A INPUT -s 39.0.0.0/8 -j DROP iptables -A INPUT -s 42.0.0.0/8 -j DROP iptables -A INPUT -s 49.0.0.0/8 -j DROP iptables -A INPUT -s 50.0.0.0/8 -j DROP iptables -A INPUT -s 77.0.0.0/8 -j DROP iptables -A INPUT -s 78.0.0.0/7 -j DROP iptables -A INPUT -s 92.0.0.0/6 -j DROP iptables -A INPUT -s 96.0.0.0/4 -j DROP iptables -A INPUT -s 112.0.0.0/5 -j DROP iptables -A INPUT -s 120.0.0.0/8 -j DROP iptables -A INPUT -s 169.254.0.0/16 -j DROP iptables -A INPUT -s 172.16.0.0/12 -j DROP iptables -A INPUT -s 173.0.0.0/8 -j DROP iptables -A INPUT -s 174.0.0.0/7 -j DROP iptables -A INPUT -s 176.0.0.0/5 -j DROP iptables -A INPUT -s 184.0.0.0/6 -j DROP iptables -A INPUT -s 192.0.2.0/24 -j DROP iptables -A INPUT -s 197.0.0.0/8 -j DROP iptables -A INPUT -s 198.18.0.0/15 -j DROP iptables -A INPUT -s 223.0.0.0/8 -j DROP iptables -A INPUT -s 224.0.0.0/3 -j DROP iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT iptables -A INPUT -s 192.168.2.0/24 -m state --state NEW -p tcp --dport 137 -j ACCEPT iptables -A INPUT -s 192.168.2.0/24 -m state --state NEW -p tcp --dport 138 -j ACCEPT iptables -A INPUT -s 192.168.2.0/24 -m state --state NEW -p tcp --dport 139 -j ACCEPT iptables -A INPUT -s 192.168.2.0/24 -m state --state NEW -p tcp --dport 445 -j ACCEPT iptables -A OUTPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT iptables -A OUTPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT iptables -A OUTPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+%271%27%3d%271” --algo bm -j DROP iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+1%3d1” --algo bm -j DROP iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+%271%27%3d%271” --algo bm -j DROP iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+%27%27%3d%27” --algo bm -j DROP iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+1%3d1” --algo bm -j DROP iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+%271%27%3d%271” --algo bm -j DROP iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+%27%27%3d%27” --algo bm -j DROP iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+1%3d1” --algo bm -j DROP iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+%271%27%3d%271” --algo bm -j DROP service iptables save
service iptables restart service network restart /sbin/iptables -L iptables -L -t nat –n iptables -vnL Now start the smb and nmb services. /etc/init.d/smb start /etc/init.d/nmb start Now we will test samba from linux and windows machine (Windows User) Open the Run and type ip-address-of-samba-servershared-Direcory-name for eg:- 192.168.56.101sharedrepo Give username and password. (password which you set with the help of smbpasswd command)
Linux Users: smbclient must be installed in system smbclient //ip-samba-server/sharedDirectory -U username smbstatus FINAL STAGE OF OPEN VPN SOLUTION CONFIG FOR A WORLD WIDE SECURE SAMBA REMOTE ACCESS CAN BE SETUP USING BY CLICKING THIS URL. Install the ClamAV Virus Guard for Inter-clients Virus Protectiion yum --enablerepo=rpmforge -y install clamav vim /etc/freshclam.conf line 122: make it comment:- #NotifyClamd /etc/clamd.conf update pattern files:- freshclam vim /etc/crontab # Explanation:- # MIN HOUR MDAY MON DOW COMMAND # */5 * * * * echo 'Hello' # # MIN Minute 0-60 # HOUR Hour [24-hour clock] 0-23 # MDAY Day of Month 1-31 # MON Month 1-12 OR jan,feb,mar,apr . # DOW Day of Week 0-6 OR # sun,mon,tue,wed,thu,fri,sat # COMMAND Command to be run Any valid command-line #Run a Virus SCAN for " sharedrepo" folder after every 3-hours while awake by the ClamAV Virus Guard 0 7-23/3 * * * clamscan --infected --remove --recursive /sharedrepo && clamscan --infected --remove --recursive #Run the Automatic Updater for the ClamAV Virs Batabase by Every 3 Hours Periodically 0 7-23/3 * * * freshclam init 0
How to enable or disable SMB protocols on the SMB client on Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 To disable SMBv1 on the SMB client, run the following commands: sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi sc.exe config mrxsmb10 start= disabled To enable SMBv1 on the SMB client, run the following commands: sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi sc.exe config mrxsmb10 start= auto To disable SMBv2 and SMBv3 on the SMB client, run the following commands: sc.exe config lanmanworkstation depend= bowser/mrxsmb10/nsi sc.exe config mrxsmb20 start= disabled To enable SMBv2 and SMBv3 on the SMB client, run the following commands: sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi sc.exe config mrxsmb20 start= auto

Empfohlen

Ccna voice study summary 460
Ccna voice study summary 460Ccna voice study summary 460
Ccna voice study summary 460
B Mach
 
Arp Dan Ipconfig Syntax
Arp Dan Ipconfig SyntaxArp Dan Ipconfig Syntax
Arp Dan Ipconfig Syntax
guestcc37e8c
 
Router Commands Overview
Router Commands OverviewRouter Commands Overview
Router Commands Overview
Muhammed Niyas
 
Iptables
IptablesIptables
Iptables
leminhvuong
 
Packet Filtering Using Iptables
Packet Filtering Using IptablesPacket Filtering Using Iptables
Packet Filtering Using Iptables
Ahmed Mekkawy
 
Ccna icnd2-labs exercices
Ccna icnd2-labs exercicesCcna icnd2-labs exercices
Ccna icnd2-labs exercices
saqrjareh
 
Iptables fundamentals
Iptables fundamentalsIptables fundamentals
Iptables fundamentals
ram_b17
 
The bryant advantage 150 commands
The bryant advantage 150 commandsThe bryant advantage 150 commands
The bryant advantage 150 commands
Areej Khasawneh
 

Empfohlen

Ccna voice study summary 460
Ccna voice study summary 460Ccna voice study summary 460
Ccna voice study summary 460
B Mach
 
Arp Dan Ipconfig Syntax
Arp Dan Ipconfig SyntaxArp Dan Ipconfig Syntax
Arp Dan Ipconfig Syntax
guestcc37e8c
 
Router Commands Overview
Router Commands OverviewRouter Commands Overview
Router Commands Overview
Muhammed Niyas
 
Iptables
IptablesIptables
Iptables
leminhvuong
 
Packet Filtering Using Iptables
Packet Filtering Using IptablesPacket Filtering Using Iptables
Packet Filtering Using Iptables
Ahmed Mekkawy
 
Ccna icnd2-labs exercices
Ccna icnd2-labs exercicesCcna icnd2-labs exercices
Ccna icnd2-labs exercices
saqrjareh
 
Iptables fundamentals
Iptables fundamentalsIptables fundamentals
Iptables fundamentals
ram_b17
 
The bryant advantage 150 commands
The bryant advantage 150 commandsThe bryant advantage 150 commands
The bryant advantage 150 commands
Areej Khasawneh
 
Backup and restore router configuration
Backup and restore router configurationBackup and restore router configuration
Backup and restore router configuration
Vasilis Nikitaras
 
Ncat ccna cheat sheet
Ncat ccna cheat sheetNcat ccna cheat sheet
Ncat ccna cheat sheet
EZREIG OMAR
 
DNS, DHCP Configuration
DNS, DHCP Configuration DNS, DHCP Configuration
DNS, DHCP Configuration
Anik Saha
 
ccna cheat_sheet
ccna cheat_sheetccna cheat_sheet
ccna cheat_sheet
Guntaka Reddy
 
Introduction to firewalls through Iptables
Introduction to firewalls through IptablesIntroduction to firewalls through Iptables
Introduction to firewalls through Iptables
Bud Siddhisena
 
Juniper JNCIA – Juniper Floating Static Route Configuration
Juniper JNCIA – Juniper Floating Static Route ConfigurationJuniper JNCIA – Juniper Floating Static Route Configuration
Juniper JNCIA – Juniper Floating Static Route Configuration
Hamed Moghaddam
 
Huawei cisco command conversion
Huawei cisco command conversionHuawei cisco command conversion
Huawei cisco command conversion
james Omara
 
Netfilter: Making large iptables rulesets scale
Netfilter: Making large iptables rulesets scaleNetfilter: Making large iptables rulesets scale
Netfilter: Making large iptables rulesets scale
brouer
 
Comandos cisco x huawei
Comandos cisco x huaweiComandos cisco x huawei
Comandos cisco x huawei
andre gomes
 
Linux day 3ppt
Linux day 3pptLinux day 3ppt
Linux day 3ppt
Kalkey
 
01c. Starting A Router
01c. Starting A Router01c. Starting A Router
01c. Starting A Router
Nghiep Lam
 
Nova HA
Nova HANova HA
Nova HA
Open Stack
 
Cisco CCENT Cram Notes
Cisco CCENT Cram NotesCisco CCENT Cram Notes
Cisco CCENT Cram Notes
Vijayanand Yadla
 
Cisco CCNA- PPP Multilink Configuration
Cisco CCNA- PPP Multilink ConfigurationCisco CCNA- PPP Multilink Configuration
Cisco CCNA- PPP Multilink Configuration
Hamed Moghaddam
 
Cisco vs. huawei CLI Commands
Cisco vs. huawei CLI CommandsCisco vs. huawei CLI Commands
Cisco vs. huawei CLI Commands
Bootcamp SCL
 
Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner)
Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner) Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner)
Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner)
Puppet
 
Cisco commands List for Beginners (CCNA, CCNP)
Cisco commands List for Beginners (CCNA, CCNP)Cisco commands List for Beginners (CCNA, CCNP)
Cisco commands List for Beginners (CCNA, CCNP)
DH Da Lat
 
Cisco router command configuration overview
Cisco router command configuration overviewCisco router command configuration overview
Cisco router command configuration overview
3Anetwork com
 
Comandos routing switching
Comandos routing switchingComandos routing switching
Comandos routing switching
1 2d
 
Complete squid & firewall configuration. plus easy mac binding
Complete squid & firewall configuration. plus easy mac bindingComplete squid & firewall configuration. plus easy mac binding
Complete squid & firewall configuration. plus easy mac binding
Chanaka Lasantha
 
25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examples25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examples
Teja Bheemanapally
 
25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examples25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examples
Teja Bheemanapally
 

Weitere ähnliche Inhalte

Was ist angesagt?

Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner)
Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner) Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner)
Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner)
Puppet
 
Comandos routing switching
Comandos routing switchingComandos routing switching
Comandos routing switching
1 2d
 

Was ist angesagt? (19)

Backup and restore router configuration
Backup and restore router configurationBackup and restore router configuration
Backup and restore router configuration
 
Ncat ccna cheat sheet
Ncat ccna cheat sheetNcat ccna cheat sheet
Ncat ccna cheat sheet
 
DNS, DHCP Configuration
DNS, DHCP Configuration DNS, DHCP Configuration
DNS, DHCP Configuration
 
ccna cheat_sheet
ccna cheat_sheetccna cheat_sheet
ccna cheat_sheet
 
Introduction to firewalls through Iptables
Introduction to firewalls through IptablesIntroduction to firewalls through Iptables
Introduction to firewalls through Iptables
 
Juniper JNCIA – Juniper Floating Static Route Configuration
Juniper JNCIA – Juniper Floating Static Route ConfigurationJuniper JNCIA – Juniper Floating Static Route Configuration
Juniper JNCIA – Juniper Floating Static Route Configuration
 
Huawei cisco command conversion
Huawei cisco command conversionHuawei cisco command conversion
Huawei cisco command conversion
 
Netfilter: Making large iptables rulesets scale
Netfilter: Making large iptables rulesets scaleNetfilter: Making large iptables rulesets scale
Netfilter: Making large iptables rulesets scale
 
Comandos cisco x huawei
Comandos cisco x huaweiComandos cisco x huawei
Comandos cisco x huawei
 
Linux day 3ppt
Linux day 3pptLinux day 3ppt
Linux day 3ppt
 
01c. Starting A Router
01c. Starting A Router01c. Starting A Router
01c. Starting A Router
 
Nova HA
Nova HANova HA
Nova HA
 
Cisco CCENT Cram Notes
Cisco CCENT Cram NotesCisco CCENT Cram Notes
Cisco CCENT Cram Notes
 
Cisco CCNA- PPP Multilink Configuration
Cisco CCNA- PPP Multilink ConfigurationCisco CCNA- PPP Multilink Configuration
Cisco CCNA- PPP Multilink Configuration
 
Cisco vs. huawei CLI Commands
Cisco vs. huawei CLI CommandsCisco vs. huawei CLI Commands
Cisco vs. huawei CLI Commands
 
Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner)
Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner) Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner)
Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner)
 
Cisco commands List for Beginners (CCNA, CCNP)
Cisco commands List for Beginners (CCNA, CCNP)Cisco commands List for Beginners (CCNA, CCNP)
Cisco commands List for Beginners (CCNA, CCNP)
 
Cisco router command configuration overview
Cisco router command configuration overviewCisco router command configuration overview
Cisco router command configuration overview
 
Comandos routing switching
Comandos routing switchingComandos routing switching
Comandos routing switching
 

Ähnlich wie Athenticated smaba server config with open vpn

Complete squid & firewall configuration. plus easy mac binding
Complete squid & firewall configuration. plus easy mac bindingComplete squid & firewall configuration. plus easy mac binding
Complete squid & firewall configuration. plus easy mac binding
Chanaka Lasantha
 
25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examples25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examples
Teja Bheemanapally
 
25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examples25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examples
Teja Bheemanapally
 
Linux internet server security and configuration tutorial
Linux internet server security and configuration tutorialLinux internet server security and configuration tutorial
Linux internet server security and configuration tutorial
annik147
 
Installation And Configuration Of DNS, Web And FTP Servers On Virtual Machine...
Installation And Configuration Of DNS, Web And FTP Servers On Virtual Machine...Installation And Configuration Of DNS, Web And FTP Servers On Virtual Machine...
Installation And Configuration Of DNS, Web And FTP Servers On Virtual Machine...
JohnWilson47710
 
INFA 620Laboratory 4 Configuring a FirewallIn this exercise.docx
INFA 620Laboratory 4 Configuring a FirewallIn this exercise.docxINFA 620Laboratory 4 Configuring a FirewallIn this exercise.docx
INFA 620Laboratory 4 Configuring a FirewallIn this exercise.docx
carliotwaycave
 
Chapter 03 configuring link aggregation and bridging
Chapter 03 configuring link aggregation and bridgingChapter 03 configuring link aggregation and bridging
Chapter 03 configuring link aggregation and bridging
dimuthur
 
RAC-Installing your First Cluster and Database
RAC-Installing your First Cluster and DatabaseRAC-Installing your First Cluster and Database
RAC-Installing your First Cluster and Database
Nikhil Kumar
 

Ähnlich wie Athenticated smaba server config with open vpn (20)

Complete squid & firewall configuration. plus easy mac binding
Complete squid & firewall configuration. plus easy mac bindingComplete squid & firewall configuration. plus easy mac binding
Complete squid & firewall configuration. plus easy mac binding
 
25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examples25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examples
 
25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examples25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examples
 
Reducing iptables configuration complexity using chains
Reducing iptables configuration complexity using chainsReducing iptables configuration complexity using chains
Reducing iptables configuration complexity using chains
 
Linux internet server security and configuration tutorial
Linux internet server security and configuration tutorialLinux internet server security and configuration tutorial
Linux internet server security and configuration tutorial
 
Samba
SambaSamba
Samba
 
Installation And Configuration Of DNS, Web And FTP Servers On Virtual Machine...
Installation And Configuration Of DNS, Web And FTP Servers On Virtual Machine...Installation And Configuration Of DNS, Web And FTP Servers On Virtual Machine...
Installation And Configuration Of DNS, Web And FTP Servers On Virtual Machine...
 
Introduction to linux day1
Introduction to linux day1Introduction to linux day1
Introduction to linux day1
 
Linux Administation
Linux AdministationLinux Administation
Linux Administation
 
INFA 620Laboratory 4 Configuring a FirewallIn this exercise.docx
INFA 620Laboratory 4 Configuring a FirewallIn this exercise.docxINFA 620Laboratory 4 Configuring a FirewallIn this exercise.docx
INFA 620Laboratory 4 Configuring a FirewallIn this exercise.docx
 
Chapter 03 configuring link aggregation and bridging
Chapter 03 configuring link aggregation and bridgingChapter 03 configuring link aggregation and bridging
Chapter 03 configuring link aggregation and bridging
 
Ansible - simple it automation
Ansible - simple it automationAnsible - simple it automation
Ansible - simple it automation
 
Mikrotik and easy hotspot, as hotspot billing system
Mikrotik and easy hotspot, as hotspot billing systemMikrotik and easy hotspot, as hotspot billing system
Mikrotik and easy hotspot, as hotspot billing system
 
Iptables presentation
Iptables presentationIptables presentation
Iptables presentation
 
Debugging Ruby
Debugging RubyDebugging Ruby
Debugging Ruby
 
Ex200
Ex200Ex200
Ex200
 
Linuxserver harden
Linuxserver hardenLinuxserver harden
Linuxserver harden
 
Debugging Ruby Systems
Debugging Ruby SystemsDebugging Ruby Systems
Debugging Ruby Systems
 
Stupid iptables tricks
Stupid iptables tricksStupid iptables tricks
Stupid iptables tricks
 
RAC-Installing your First Cluster and Database
RAC-Installing your First Cluster and DatabaseRAC-Installing your First Cluster and Database
RAC-Installing your First Cluster and Database
 

Mehr von Chanaka Lasantha

ERP System Implementation Kubernetes Cluster with Sticky Sessions
ERP System Implementation Kubernetes Cluster with Sticky Sessions ERP System Implementation Kubernetes Cluster with Sticky Sessions
ERP System Implementation Kubernetes Cluster with Sticky Sessions
Chanaka Lasantha
 
Free radius for wpa2 enterprise with active directory integration
Free radius for wpa2 enterprise with active directory integrationFree radius for wpa2 enterprise with active directory integration
Free radius for wpa2 enterprise with active directory integration
Chanaka Lasantha
 
Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...
Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...
Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...
Chanaka Lasantha
 
Ask by linux kernel add or delete a hdd
Ask by linux kernel add or delete a hddAsk by linux kernel add or delete a hdd
Ask by linux kernel add or delete a hdd
Chanaka Lasantha
 

Mehr von Chanaka Lasantha (20)

Storing, Managing, and Deploying Docker Container Images with Amazon ECR
Storing, Managing, and Deploying Docker Container Images with Amazon ECRStoring, Managing, and Deploying Docker Container Images with Amazon ECR
Storing, Managing, and Deploying Docker Container Images with Amazon ECR
 
Building A Kubernetes App With Amazon EKS
Building A Kubernetes App With Amazon EKSBuilding A Kubernetes App With Amazon EKS
Building A Kubernetes App With Amazon EKS
 
ERP System Implementation Kubernetes Cluster with Sticky Sessions
ERP System Implementation Kubernetes Cluster with Sticky Sessions ERP System Implementation Kubernetes Cluster with Sticky Sessions
ERP System Implementation Kubernetes Cluster with Sticky Sessions
 
Free radius for wpa2 enterprise with active directory integration
Free radius for wpa2 enterprise with active directory integrationFree radius for wpa2 enterprise with active directory integration
Free radius for wpa2 enterprise with active directory integration
 
Distributed replicated block device
Distributed replicated block deviceDistributed replicated block device
Distributed replicated block device
 
Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...
Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...
Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...
 
Ask by linux kernel add or delete a hdd
Ask by linux kernel add or delete a hddAsk by linux kernel add or delete a hdd
Ask by linux kernel add or delete a hdd
 
Free radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmapleFree radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmaple
 
One key sheard site to site open vpn
One key sheard site to site open vpnOne key sheard site to site open vpn
One key sheard site to site open vpn
 
Usrt to ethernet connectivity over the wolrd cubieboard bords
Usrt to ethernet connectivity over the wolrd cubieboard bordsUsrt to ethernet connectivity over the wolrd cubieboard bords
Usrt to ethernet connectivity over the wolrd cubieboard bords
 
Site to-multi site open vpn solution with mysql db
Site to-multi site open vpn solution with mysql dbSite to-multi site open vpn solution with mysql db
Site to-multi site open vpn solution with mysql db
 
Site to-multi site open vpn solution. with active directory auth
Site to-multi site open vpn solution. with active directory authSite to-multi site open vpn solution. with active directory auth
Site to-multi site open vpn solution. with active directory auth
 
Site to-multi site open vpn solution-latest
Site to-multi site open vpn solution-latestSite to-multi site open vpn solution-latest
Site to-multi site open vpn solution-latest
 
Install elasticsearch, logstash and kibana
Install elasticsearch, logstash and kibana Install elasticsearch, logstash and kibana
Install elasticsearch, logstash and kibana
 
Oracle cluster installation with grid and nfs
Oracle cluster installation with grid and nfsOracle cluster installation with grid and nfs
Oracle cluster installation with grid and nfs
 
Oracle cluster installation with grid and iscsi
Oracle cluster installation with grid and iscsiOracle cluster installation with grid and iscsi
Oracle cluster installation with grid and iscsi
 
AUTOMATIC JBOSS CLUSTER MANAGEMENT SYSTEM (PYTHON)
AUTOMATIC JBOSS CLUSTER MANAGEMENT SYSTEM (PYTHON)AUTOMATIC JBOSS CLUSTER MANAGEMENT SYSTEM (PYTHON)
AUTOMATIC JBOSS CLUSTER MANAGEMENT SYSTEM (PYTHON)
 
ully Automatic WSO2 Enterprise Service Bus(ESB) Cluster Management System
ully Automatic WSO2 Enterprise Service Bus(ESB) Cluster Management Systemully Automatic WSO2 Enterprise Service Bus(ESB) Cluster Management System
ully Automatic WSO2 Enterprise Service Bus(ESB) Cluster Management System
 
Docker framework
Docker frameworkDocker framework
Docker framework
 
CYBER SECURITY WORKSHOP (Only For Educational Purpose)
CYBER SECURITY WORKSHOP (Only For Educational Purpose)CYBER SECURITY WORKSHOP (Only For Educational Purpose)
CYBER SECURITY WORKSHOP (Only For Educational Purpose)
 

Kürzlich hochgeladen

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 

Kürzlich hochgeladen (20)

GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 

Athenticated smaba server config with open vpn

  • 1. Authenticated Samba Server Config with Open VPN Chanaka.lasantha@gmail.com Designed , Doumented and Tested by Chanaka Lasantha Nanayakkara Wawage Most Important Settings Date: date -s "9 AUG 2013 11:32:08" Add repository EPEL that is provided from Fedora project. rpm –Uvh http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
  • 2. Installing Samba Server and cups-libs is for printer # yum install -y samba samba-commons cups-libs xinetd portmap # setup Select System service from list You have to tick the following boxes if not already selected, [*]portmap [*]xinetd [*]smb Create a directory which you would like to share mkdir /sharedrepo Add a new group or you can use existing group to provide access on shared directory, Here I am adding new group called staff groupadd staff Change the group and permission of sharing folder chgrp -R staff /sharedrepo chmod -R 777 /sharedrepo Explanation of behavior of chmod syntax’s The chmod numeric format accepts up to four octal digits. The rightmost three refer to permissions for the file owner, the group and other users. The next digit (fourth from the right) specifies special setuid, setgid and sticky flags. Numerical permissions: # Permission rwx 7 6 Full Read and Write 111 110
  • 3. 5 4 3 2 1 0 Read and Execute Read Only Write and Execute Write Only Execute Only None 101 100 011 010 001 000 rwx = Read, Write, Execute Further Explanation :  Read = read a file or list a directory's contents  Write = write to a file or directory  Execute = execute a file or recurse a directory tree Sample : chmod -R 777 /sharedrepo has a full permission for Read, Write and Execute. create user and add them in group called staff. And set the samba password for this user useradd test usermod -G staff test smbpasswd -a test Take backup of /etc/samba/smb.conf file then edit the smb.conf file. And add the given parameter in last line of /etc/samba/smb.conf file cd /etc/samba/ cp -p smb.conf smb.conf.orig vim /etc/samba/smb.conf [sharedrepo] comment = shared-directory path = /sharedrepo public = no valid users = test, @staff writable = yes browseable = yes create mask = 0765
  • 4. Edit these lines in /etc/samba/smb.conf . To allow network to reach samba server Change the value of 192.168.2.0/24 with your subnet. And change the ethernet value which is in used by your system and which you want to allow for traffic. In second line ,192.168.2. is for subnet .Same rule applied to 127. which is for loopback. interfaces = lo eth0 192.168.2.0/24 hosts allow = 127. 192.168.2. Mainly for windows users,if your all PC in your network are using different WORKGROUP name edit the given below line in smb.conf with your workgroup name. Windows system bydefault uses the WORKGROUP as WORKGROUP. Try first without changing the WORKGROUP name,if required do the change. workgroup = WORKGROUP Add services in /etc/services files vim /etc/services netbios-ns 137/tcp # netbios name service netbios-ns 137/udp # netbios name service netbios-dgm 138/tcp # netbios datagram service netbios-dgm 138/udp # netbios datagram service netbios-ssn 139/udp # netbios session service netbios-ssn 139/udp # netbios session service Enable IP Forwarding (Highly Important!) If you want your OpenVPN clients to be able to access the network, in addition to the push routes statements above you will need to setup ip forwarding for the tunnel interface and change the 0 to a 1. vim /etc/sysctl.conf # ------ Edit the following line changing the 0 to a 1 ----- net.ipv4.ip_forward = 1
  • 5. Save and close the file. Reload the changes by typing the following command: Or echo 1 > /proc/sys/net/ipv4/ip_forward sysctl -p Add iptables rule in samba server for port no. 137,138.139 and 445. service iptables start iptables –-flush iptables --table nat -–flush iptables --delete-chain service iptables save service iptables restart service network restart iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT DROP iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEP iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 2 -j ACCEPT iptables -A INPUT -p icmp -j ACCEPT iptables -A OUTPUT -p icmp -j ACCEPT iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -m state --state INVALID -j DROP iptables -A OUTPUT -m state --state INVALID -j DROP iptables -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP iptables -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP iptables -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP iptables -N SYN_FLOOD iptables -A INPUT -p tcp --syn -j SYN_FLOOD iptables -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN iptables -A SYN_FLOOD -j DROP iptables -A INPUT -p icmp -m icmp --icmp-type address-mask-request -j DROP iptables -A INPUT -p icmp -m icmp --icmp-type timestamp-request -j DROP iptables -A INPUT -p icmp -m icmp -m limit --limit 1/second -j ACCEPT iptables -A INPUT -p tcp -m tcp --tcp-flags RST RST -m limit --limit 2/second --limit-burst 2 -j ACCEPT iptables -A INPUT -m recent --name portscan --rcheck --seconds 86400 -j DROP iptables -A FORWARD -m recent --name portscan --rcheck --seconds 86400 -j DROP iptables -A INPUT -m recent --name portscan --remove iptables -A FORWARD -m recent --name portscan –remove
  • 6. iptables -A INPUT -s 0.0.0.0/7 -j DROP iptables -A INPUT -s 2.0.0.0/8 -j DROP iptables -A INPUT -s 5.0.0.0/8 -j DROP iptables -A INPUT -s 7.0.0.0/8 -j DROP iptables -A INPUT -s 10.0.0.0/8 -j DROP iptables -A INPUT -s 23.0.0.0/8 -j DROP iptables -A INPUT -s 27.0.0.0/8 -j DROP iptables -A INPUT -s 31.0.0.0/8 -j DROP iptables -A INPUT -s 36.0.0.0/7 -j DROP iptables -A INPUT -s 39.0.0.0/8 -j DROP iptables -A INPUT -s 42.0.0.0/8 -j DROP iptables -A INPUT -s 49.0.0.0/8 -j DROP iptables -A INPUT -s 50.0.0.0/8 -j DROP iptables -A INPUT -s 77.0.0.0/8 -j DROP iptables -A INPUT -s 78.0.0.0/7 -j DROP iptables -A INPUT -s 92.0.0.0/6 -j DROP iptables -A INPUT -s 96.0.0.0/4 -j DROP iptables -A INPUT -s 112.0.0.0/5 -j DROP iptables -A INPUT -s 120.0.0.0/8 -j DROP iptables -A INPUT -s 169.254.0.0/16 -j DROP iptables -A INPUT -s 172.16.0.0/12 -j DROP iptables -A INPUT -s 173.0.0.0/8 -j DROP iptables -A INPUT -s 174.0.0.0/7 -j DROP iptables -A INPUT -s 176.0.0.0/5 -j DROP iptables -A INPUT -s 184.0.0.0/6 -j DROP iptables -A INPUT -s 192.0.2.0/24 -j DROP iptables -A INPUT -s 197.0.0.0/8 -j DROP iptables -A INPUT -s 198.18.0.0/15 -j DROP iptables -A INPUT -s 223.0.0.0/8 -j DROP iptables -A INPUT -s 224.0.0.0/3 -j DROP iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT iptables -A INPUT -s 192.168.2.0/24 -m state --state NEW -p tcp --dport 137 -j ACCEPT iptables -A INPUT -s 192.168.2.0/24 -m state --state NEW -p tcp --dport 138 -j ACCEPT iptables -A INPUT -s 192.168.2.0/24 -m state --state NEW -p tcp --dport 139 -j ACCEPT iptables -A INPUT -s 192.168.2.0/24 -m state --state NEW -p tcp --dport 445 -j ACCEPT iptables -A OUTPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT iptables -A OUTPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT iptables -A OUTPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+%271%27%3d%271” --algo bm -j DROP iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+1%3d1” --algo bm -j DROP iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+%271%27%3d%271” --algo bm -j DROP iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+%27%27%3d%27” --algo bm -j DROP iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+1%3d1” --algo bm -j DROP iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+%271%27%3d%271” --algo bm -j DROP iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+%27%27%3d%27” --algo bm -j DROP iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+1%3d1” --algo bm -j DROP iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+%271%27%3d%271” --algo bm -j DROP service iptables save
  • 7. service iptables restart service network restart /sbin/iptables -L iptables -L -t nat –n iptables -vnL Now start the smb and nmb services. /etc/init.d/smb start /etc/init.d/nmb start Now we will test samba from linux and windows machine (Windows User) Open the Run and type ip-address-of-samba-servershared-Direcory-name for eg:- 192.168.56.101sharedrepo Give username and password. (password which you set with the help of smbpasswd command)
  • 8. Linux Users: smbclient must be installed in system smbclient //ip-samba-server/sharedDirectory -U username smbstatus FINAL STAGE OF OPEN VPN SOLUTION CONFIG FOR A WORLD WIDE SECURE SAMBA REMOTE ACCESS CAN BE SETUP USING BY CLICKING THIS URL. Install the ClamAV Virus Guard for Inter-clients Virus Protectiion yum --enablerepo=rpmforge -y install clamav vim /etc/freshclam.conf line 122: make it comment:- #NotifyClamd /etc/clamd.conf update pattern files:- freshclam vim /etc/crontab # Explanation:- # MIN HOUR MDAY MON DOW COMMAND # */5 * * * * echo 'Hello' # # MIN Minute 0-60 # HOUR Hour [24-hour clock] 0-23 # MDAY Day of Month 1-31 # MON Month 1-12 OR jan,feb,mar,apr . # DOW Day of Week 0-6 OR # sun,mon,tue,wed,thu,fri,sat # COMMAND Command to be run Any valid command-line #Run a Virus SCAN for " sharedrepo" folder after every 3-hours while awake by the ClamAV Virus Guard 0 7-23/3 * * * clamscan --infected --remove --recursive /sharedrepo && clamscan --infected --remove --recursive #Run the Automatic Updater for the ClamAV Virs Batabase by Every 3 Hours Periodically 0 7-23/3 * * * freshclam init 0
  • 9. How to enable or disable SMB protocols on the SMB client on Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 To disable SMBv1 on the SMB client, run the following commands: sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi sc.exe config mrxsmb10 start= disabled To enable SMBv1 on the SMB client, run the following commands: sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi sc.exe config mrxsmb10 start= auto To disable SMBv2 and SMBv3 on the SMB client, run the following commands: sc.exe config lanmanworkstation depend= bowser/mrxsmb10/nsi sc.exe config mrxsmb20 start= disabled To enable SMBv2 and SMBv3 on the SMB client, run the following commands: sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi sc.exe config mrxsmb20 start= auto