Tag: 6332

Categories
Knowledge Support Support exacqVision Server Categories Products

How to Remove Unused Samba Services to Avoid Potentially Being Detected by a Vulnerability Scan

Summary:

This is a procedure to remove unused Samba services to avoid potentially being detected by a vulnerability scan. Unless the server is an S-Series, these services are most likely not being used and may be disabled.

More Information:

Samba is a collection of services that allow for file sharing across a network with other Windows systems. However, the default Samba configuration may lead to being flagged as a vulnerability with some security scanners, such as “null session/password NetBIOS access.

Steps:

All versions of Ubuntu:

  • To verify whether smbd (SMB file service) and/or nmbd (NetBIOS name resolution service) are currently running:
    • admin@ER1234567890:~$ ps agux | grep mbd
    • root 1225 0.0 0.0 20416 1176 ? Ss Jun26 35:24 nmbd -D
    • root 25965 2.5 0.1 33284 6844 ? Ds 18:13 0:00 smbd -F
    • root 25967 0.0 0.0 31480 2388 ? S 18:13 0:00 smbd -F
  • A third related service is samba-ad-dc, which allows a Linux workstation to function as a Active Directory domain controller.
  • Confirm the installed version of Ubuntu with:
    • admin@ER1234567890:~$ sudo lsb_release -a
    • No LSB modules are available.
    • Distributor ID: Ubuntu
    • Description: Ubuntu 16.04.4 LTS
    • Release: 16.04
    • Codename: xenial

Ubuntu v14.04:

System services are managed via initscripts:

/etc/init.d/samba (starts smbd, nmbd, and samba-ad-dc as a group)

/etc/init.d/smbd

/etc/init.d/nmbd

/etc/init.d/samba-ad-dc

  • First, STOP these services:
    • sudo service smbd stop
    • sudo service nmbd stop
    • sudo service samba-ad-dc stop
  • Then, DISABLE these services. The command will respond with a message resembling “system start/stop links for XXXXX do not exist.
    • sudo update-rc.d samba disable
    • sudo update-rc.d smbd disable
    • sudo update-rc.d nmbd disable
    • sudo update-rc.d samba-ad-dc disable

Ubuntu v16.04:

System services are managed via a combination of initscripts and Upstart.

  • First, STOP these services in the same manner as listed above in the “Ubuntu v14.04” section.
  • Then, DISABLE these services in the same manner as listed above in the “Ubuntu v14.04” section.
  • Finally, these services should be set to MANUAL for Upstart:
    • sudo su
    • echo manual > /etc/init/smbd.override
    • echo manual > /etc/init/nmbd.override
    • echo manual > /etc/init/samba-ad-dc.override

Ubuntu v18.04 or newer:

System services are managed via systemd.

  • First, STOP these services:
    • sudo systemctl
    • stop smbd sudo systemctl
    • stop nmbd sudo systemctl
    • stop samba-ad-dc
  • Then, DISABLE these services from automatic startup at boot:
    • sudo systemctl disable smbd
    • sudo systemctl disable nmbd
    • sudo systemctl disable samba-ad-dc
  • For extra security, use the following commands to PREVENT these services from being manually started:
    • sudo systemctl mask smbd
    • sudo systemctl mask nmbd
    • sudo systemctl mask samba-ad-dc