Samba settings for security

25 May 2019

If not properly configured, Samba can fall foul of a couple of security issues:

  1. CVE-1999-0519: null session/password netbios access
  2. CVE-2000-1200: remote user list disclosure

The solutions for these are below.

In the global settings:

   map to guest = Never
   guest account = nobody
   restrict anonymous = 2

And in the share settings:

   security = user
   browseable = no

The security setting can be something else, as long as it is not security = share, which has issues.

For a quick dump of smb.conf without the commented-out and blank lines, you can try the following, or similar:

   sed -e '/^[[:space:]]*[#;]/d' -e '/^[[:space:]]*$/d' /etc/samba/smb.conf
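An added example (not part of the original post): a small Python check that parses smb.conf text and reports where it departs from the settings listed above. The function names and the sample config are constructed for illustration, and the parser assumes no include directives or backslash line continuations.

```python
import re
# Global settings the page lists; Samba ignores case and spaces in names.
REQUIRED_GLOBAL = {"map to guest": "never", "restrict anonymous": "2"}

# Constructed sample config, not taken from a real host.
SAMPLE = """\
[global]
   map to guest = Bad User
   security = share
;  restrict anonymous = 2
[data]
   browseable = no
[public]
   path = /srv/public
"""

def norm(name):
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    """Return {section: {normalised parameter: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":   # comment or blank line
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[norm(key)] = value.strip()
    return sections

def audit(text):
    """List where the config departs from the settings on this page."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    findings = []
    for name, want in REQUIRED_GLOBAL.items():
        got = glob.get(norm(name))
        if got is None or got.lower() != want:
            findings.append(f"[global] {name}: expected {want}, found {got}")
    for section, params in conf.items():
        if params.get("security", "").lower() == "share":
            findings.append(f"[{section}] security = share")
        if section != "global" and params.get("browseable", "yes").lower() != "no":
            findings.append(f"[{section}] browseable is not no")
    return findings
```

Call audit() on the contents of /etc/samba/smb.conf; an empty list means the settings above are in place.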
