This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Knowledge Base Archive
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA NetWitness 11.x Install and Configure Samba on CentOS 7

Article Number

000040058

Applies To

RSA Product Set: NetWitness Logs and Network
RSA Product/Service Type: Malware Analysis Server
RSA Version/Condition: 11.5.x or higher version
 

Issue

The Samba configuration file is not available on the Malware Analysis server host, when you select Samba from Repository Configuration > Apply option. 
This KB outlines a process to install and configure Samba on CentOS 7.

Task

You must follow these steps to complete installing and configuring Samba on CentOS 7.

Resolution

SAMBA Server Configuration
To enable Samba file sharing, do the following.

1. Install Samba on CentOS 
These configurations will be done on the Malware Server.
Samba is available in the standard CentOS repositories. 

a.    Add custom external repo to install the required rpms, do the following:

vi /etc/yum.repos.d/samba.repo

b. Enter the below content into samba.repo file:

[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#released updates

[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
c. Install Samba on your CentOS system, run the following command:

sudo yum install samba samba-client

2. Configure Firewall
After Samba is installed and running on your CentOS machine, you must configure your firewall and open the necessary ports. The smbd service provides file sharing and printing services and listens on TCP ports 139 and 445. The nmbd service provides NetBIOS over IP naming services to clients and listens on UDP port 137. 
   
    To configure the firewall, run the following commands:

firewall-cmd --permanent --zone=public --add-service=samba
firewall-cmd --zone=public --add-service=samba

3. Create the Samba Directory Structure
For easy maintenance and flexibility, instead of using the standard home directories (/home/user), all Samba directories and data can be stored in the /samba directory.

a. To create the /samba directory, do the following.

sudo mkdir /samba
b. Create a group named netwitness. Run the below command.

sudo groupadd netwitness
c. Set the /samba directory group ownership to netwitness. Run the below command.

sudo chgrp netwitness /samba

4. Create Samba Users
Samba uses Linux users and group permission system although, it has its own authentication mechanism separate from the standard Linux authentication. You must create the users using the standard Linux useradd tool and then set the user password using the smbpasswd utility.

To create a new user named netwitness, run the following command.

sudo useradd -M -d /samba/netwitness -s /usr/sbin/nologin -G netwitness netwitness
Note: The useradd options have the following meanings:
                    -M - do not create the user’s home directory. We must manually create this directory.
                    -d /samba/netwitness – Set the user’s home directory to /samba/netwitness.
                    -s /usr/sbin/nologin – Disable shell access for this user.
                    -G netwitness – Add the user to the netwitness group.

5. Create the user’s home directory
To create the user’s home directory and set the directory ownership to user netwitness and group netwitness, do the following.

sudo mkdir /samba/netwitness
sudo chown netwitness:netwitness /samba/netwitness/
sudo chmod 2770 /samba/netwitness/
sudo smbpasswd -a netwitness
<use default password i.e. netwitness>
sudo smbpasswd -e netwitness

6. Configure Samba Shares
Open the Samba configuration file and append the sections. Run the below command.

sudo vi /etc/samba/smb.conf
 

[global]
        workgroup = SAMBA
        security = user

        passdb backend = tdbsam

        printing = cups
        printcap name = cups
        load printers = yes
        cups options = raw

[homes]
        comment = Home Directories
        valid users = %S, %D%w%S
        browseable = No
        read only = No
        inherit acls = Yes

[printers]
        comment = All Printers
        path = /var/tmp
        printable = Yes
        create mask = 0600
        browseable = No

[print$]
        comment = Printer Drivers
        path = /var/lib/samba/drivers
        write list = @printadmin root
        force group = @printadmin
        
        create mask = 0664
        directory mask = 0775

[netwitness]
    path = /var/netwitness/malware-analytics-server/spectrum/repository
    browseable = no
    read only = no

7. Run testparm to verify that the configuration is correct after you modify it.
Once done, restart the Samba services with:

sudo systemctl restart smb.service
sudo systemctl restart nmb.service

SAMBA Client Configuration
To receive the Samba file on CentOS 7, do the following.

1. Connect to a Samba Share from Centos 7
Centos users can access the samba share from the command line. 
To access the samba share, use the file manager or mount the Samba share.
These configurations will be done on the client side, it could be SA-server or any other centos box.
  •     Access Samba using the smbclient client
Smbclient tool allows you to access Samba from the command line. The smbclient package is not pre-installed on most centos distros. Therefore, you must install it with your distribution package manager.

          a.  Add custom external repo to install the required rpms, do the following:     

vi /etc/yum.repos.d/samba.repo
           b. Enter the below content into samba.repo file  

[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra

#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#released updates

[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

          c. To install smbclient package, do the following.

sudo yum install sambaclient
The syntax to access a Samba share is as follows:

smbclient //10.237.174.34/netwitness -U netwitness
smb: > exit
Note: Use Malware host address and the default password 'netwitness'.

2. Mount the Samba share
To mount a Samba share on Linux, first, you need to install the cifs-utils package. 
  • Run the below command to install the cifs-utils package.

sudo yum install cifs-utils
  • Create a mount point.

sudo mkdir /mnt/smbmount
  •  Mount the share. Run the below command.

sudo mount -t cifs -o username=netwitness //10.237.174.34/netwitness /mnt/smbmount
Note: Use Malware host address and the default password netwitness.
  • Check if the new mount has been created. Run the below command.

df -h
  • Check if the Malware scanned files are shared here.

ll /mnt/smbmount

3. Connect to a Samba Share from Windows.
Windows users also have an option to connect to the Samba share from both command line and GUI. 
To access the share using the Windows File Explorer:
a. Press ctrl+R to open Run window
b. Enter the address of the Samba share in the following format:

\\samba_hostname_or_server_ip\sharename.
\\10.237.174.34\netwitness
Note: Use Malware host address
c. Click Next
d. Enter the login credentials.
e. Type a custom name for the network location. The default one will be picked up by the Samba server.
f. Click Next.
g. Click Finish.
The files on the Samba server will be shown.


        

 
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2022-02-23 03:18 AM
Updated by:
Occasional Contributor Occasional Contributor

Related Content

© 2022 RSA Security LLC or its affiliates. All rights reserved.