The IPC$ share allows users to anonymously fetch a list of shared resources from a server. It can be used as a point of attack into a system. How do I disable or limit IPC$ under Samba to certain subnet such as 10.0.0.0/8?
You can easily limit access to the IPC$ share under Samba using hosts allow and hosts deny feature. Another option is firewall samba port and limit access within your own subnet so that only machines in your network will be able to connect to it. Open smb.conf and make [IPC$] set it as follows:
[IPC$]
hosts allow = 10.0.0. 127.0.0.1
hosts deny = 0.0.0.0/0
Save and close the file. Restart samba:
/etc/init.d/smb restart
Use iptables to restrict access
You can also add something as follows to your iptables script (/etc/sysconfig/iptables under CentOS / RHEL / Fedora Linux)
-A RH-Firewall-1-INPUT -s 10.0.0.0/8 -m state --state NEW -p tcp --dport 137 -j ACCEPT -A RH-Firewall-1-INPUT -s 10.0.0.0/8 -m state --state NEW -p tcp --dport 138 -j ACCEPT -A RH-Firewall-1-INPUT -s 10.0.0.0/8 -m state --state NEW -p tcp --dport 139 -j ACCEPT -A RH-Firewall-1-INPUT -s 10.0.0.0/8 -m state --state NEW -p tcp --dport 445 -j ACCEPT
Save and close the file. Restart iptables:
# service iptables restart
Featured Articles:
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- My 10 UNIX Command Line Mistakes
- Linux: 20 Iptables Examples For New SysAdmins
- 25 PHP Security Best Practices For Sys Admins
- The Novice Guide To Buying A Linux Laptop
- 10 Greatest Open Source Software Of 2009
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- Top 20 OpenSSH Server Best Security Practices
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Linux Video Editor Software
Facebook it - Tweet it - Print it -
