?
Solved

Samba and Fail2Ban

Posted on 2011-10-10
4
Medium Priority
?
1,491 Views
Last Modified: 2012-05-12
Hi,

We have samba open on a public IP because it needs to be accessed from another machine in a different data centre.
Samba's settings limit the access by IP address so we are safe.

However we are seeing failed attempts:-
  Denied connection from  (46.36.109.89)
[2011/10/09 19:07:13, 1] smbd/process.c:process_smb(1076)
  Connection denied from 46.36.109.89
[2011/10/09 19:07:15, 0] lib/access.c:check_access(327)
  Denied connection from  (46.36.109.89)
[2011/10/09 19:07:15, 1] smbd/process.c:process_smb(1076)
  Connection denied from 46.36.109.89
[2011/10/09 19:07:15, 0] lib/access.c:check_access(327)
  Denied connection from  (46.36.109.89)
[2011/10/09 19:07:15, 1] smbd/process.c:process_smb(1076)
  Connection denied from 46.36.109.89

To reduce load on the server, I'm setting up fail2ban to block these attempts but can't find a Fail2Ban example for Samba.

Can anyone assist?

Thanks
Dan
0
Comment
Question by:DanJourno
  • 2
4 Comments
 
LVL 19

Expert Comment

by:jools
ID: 36945728
You might do better to use iptables to block connections before they get to the server if you are worried about load.
0
 
LVL 29

Accepted Solution

by:
Michael Worsham earned 1000 total points
ID: 36945762
You know a better option would be to have IPTables configured then setup a site-to-site VPN tunnel between the server and the other data center, whether it be a router or another server running something like OpenVPN. That way all connections to and from the Samba server will be secure.

How To Set Up a Site-to-Site VPN with OpenVPN
http://www.smallnetbuilder.com/security/security-howto/30353-how-to-set-up-a-site-to-site-vpn-with-openvpn

HowTos/Network/IPTables
http://wiki.centos.org/HowTos/Network/IPTables

There is also this way of doing it too...

Use fail2ban to block samba attacks
http://www.experts-exchange.com/OS/Linux/Distributions/Red_Hat/Q_25201140.html
0
 
LVL 5

Author Closing Comment

by:DanJourno
ID: 37021014
It wasnt the solution I was asking for.
0
 
LVL 5

Author Comment

by:DanJourno
ID: 37021022
In addition, the link titled "Use fail2ban to block samba attacks" doesnt actually give the solution for using fail2ban to block samba attacks.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction We as admins face situation where we need to redirect websites to another. This may be required as a part of an upgrade keeping the old URL but website should be served from new URL. This document would brief you on different ways ca…
In the first part of this tutorial we will cover the prerequisites for installing SQL Server vNext on Linux.
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses
Course of the Month15 days, 18 hours left to enroll

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question