Changeset 342 for branches/samba-3.3.x/docs/htmldocs/Samba3-HOWTO/securing-samba.html

Timestamp:

Oct 30, 2009, 9:39:05 AM (16 years ago)

Author:

Herwig Bauernfeind

Message:

Update 3.3 to 3.3.9

File:

• branches/samba-3.3.x/docs/htmldocs/Samba3-HOWTO/securing-samba.html (modified) (10 diffs)

branches/samba-3.3.x/docs/htmldocs/Samba3-HOWTO/securing-samba.html

@@ -4 +4 @@
 <a class="indexterm" name="id2618097"></a>
 <a class="indexterm" name="id2618104"></a>
-<a class="indexterm" name="id2618110"></a>
+<a class="indexterm" name="id2618111"></a>
 <a class="indexterm" name="id2618117"></a>
 <a class="indexterm" name="id2618124"></a>
@@ -27 +27 @@
 <a class="indexterm" name="id2618189"></a>
 <a class="indexterm" name="id2618196"></a>
-<a class="indexterm" name="id2618202"></a>
+<a class="indexterm" name="id2618203"></a>
 There are three levels at which security principles must be observed in order to render a site
 at least moderately secure. They are the perimeter firewall, the configuration of the host
@@ -58 +58 @@
 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2618336"></a>Using Host-Based Protection</h3></div></div></div><p>
 <a class="indexterm" name="id2618344"></a>
-<a class="indexterm" name="id2618350"></a>
+<a class="indexterm" name="id2618351"></a>
 <a class="indexterm" name="id2618357"></a>
         In many installations of Samba, the greatest threat comes from outside
@@ -66 +66 @@
         especially vulnerable.
         </p><p>
-<a class="indexterm" name="id2618372"></a>
-<a class="indexterm" name="id2618379"></a>
+<a class="indexterm" name="id2618373"></a>
+<a class="indexterm" name="id2618380"></a>
         One of the simplest fixes in this case is to use the <a class="link" href="smb.conf.5.html#HOSTSALLOW" target="_top">hosts allow</a> and
         <a class="link" href="smb.conf.5.html#HOSTSDENY" target="_top">hosts deny</a> options in the Samba <code class="filename">smb.conf</code> configuration file to
@@ -98 +98 @@
         </p><p>
         You can change this behavior using options like this:
-        </p><table class="simplelist" border="0" summary="Simple list"><tr><td><a class="indexterm" name="id2618592"></a><em class="parameter"><code>interfaces = eth* lo</code></em></td></tr><tr><td><a class="indexterm" name="id2618604"></a><em class="parameter"><code>bind interfaces only = yes</code></em></td></tr></table><p>
-        </p><p>
-<a class="indexterm" name="id2618619"></a>
+        </p><table class="simplelist" border="0" summary="Simple list"><tr><td><a class="indexterm" name="id2618593"></a><em class="parameter"><code>interfaces = eth* lo</code></em></td></tr><tr><td><a class="indexterm" name="id2618604"></a><em class="parameter"><code>bind interfaces only = yes</code></em></td></tr></table><p>
+        </p><p>
+<a class="indexterm" name="id2618620"></a>
 <a class="indexterm" name="id2618626"></a>
 <a class="indexterm" name="id2618633"></a>
@@ -109 +109 @@
         the common name for Ethernet adapters on Linux.
         </p><p>
-<a class="indexterm" name="id2618669"></a>
+<a class="indexterm" name="id2618670"></a>
 <a class="indexterm" name="id2618676"></a>
-<a class="indexterm" name="id2618682"></a>
+<a class="indexterm" name="id2618683"></a>
 <a class="indexterm" name="id2618689"></a>
         If you use the above and someone tries to make an SMB connection to your host over a PPP interface called
@@ -167 +167 @@
         </p><p>
 <a class="indexterm" name="id2618979"></a>
-<a class="indexterm" name="id2618985"></a>
+<a class="indexterm" name="id2618986"></a>
 <a class="indexterm" name="id2618993"></a>
         This instructs Samba that IPC$ connections are not allowed from anywhere except the two listed network
@@ -176 +176 @@
 <a class="indexterm" name="id2619010"></a>
 <a class="indexterm" name="id2619017"></a>
-<a class="indexterm" name="id2619023"></a>
+<a class="indexterm" name="id2619024"></a>
         If you use this method, then clients will be given an <code class="literal">`access denied'</code> reply when they try
         to access the IPC$ share. Those clients will not be able to browse shares and may also be unable to access
@@ -203 +203 @@
         session security is negotiated.
         </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2619099"></a>Upgrading Samba</h2></div></div></div><p>
-<a class="indexterm" name="id2619106"></a>
+<a class="indexterm" name="id2619107"></a>
 <a class="indexterm" name="id2619113"></a>
 <a class="indexterm" name="id2619120"></a>
@@ -246 +246 @@
         permissions on the user's home directories so that the <code class="literal">cd</code> and <code class="literal">ls</code> are denied.
         </p><p>
-<a class="indexterm" name="id2619292"></a>
-<a class="indexterm" name="id2619299"></a>
+<a class="indexterm" name="id2619293"></a>
+<a class="indexterm" name="id2619300"></a>
         Samba tries very hard not to second guess the UNIX administrator's security policies and
         trusts the UNIX admin to set the policies and permissions he or she desires.