The Samba configuration file is not available on the Malware Analysis server host, when you select Samba from Repository Configuration > Apply option.
This KB outlines a process to install and configure Samba on CentOS 7.
You must follow these steps to complete installing and configuring Samba on CentOS 7.
SAMBA Server ConfigurationTo enable Samba file sharing, do the following.
1.
Install Samba on CentOS These configurations will be done on the Malware Server.
Samba is available in the standard CentOS repositories.
a. Add custom external repo to install the required rpms, do the following:
vi /etc/yum.repos.d/samba.repo
b. Enter the below content into samba.repo file:
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#released updates
[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
c. Install Samba on your CentOS system, run the following command:
sudo yum install samba samba-client
2.
Configure FirewallAfter Samba is installed and running on your CentOS machine, you must configure your firewall and open the necessary ports. The smbd service provides file sharing and printing services and listens on TCP ports 139 and 445. The nmbd service provides NetBIOS over IP naming services to clients and listens on UDP port 137.
To configure the firewall, run the following commands:
firewall-cmd --permanent --zone=public --add-service=samba
firewall-cmd --zone=public --add-service=samba
3.
Create the Samba Directory StructureFor easy maintenance and flexibility, instead of using the standard home directories (/home/user), all Samba directories and data can be stored in the /samba directory.
a. To create the /samba directory, do the following.
sudo mkdir /samba
b. Create a group named netwitness. Run the below command.
sudo groupadd netwitness
c. Set the /samba directory group ownership to netwitness. Run the below command.
sudo chgrp netwitness /samba
4.
Create Samba UsersSamba uses Linux users and group permission system although, it has its own authentication mechanism separate from the standard Linux authentication. You must create the users using the standard Linux useradd tool and then set the user password using the smbpasswd utility.
To create a new user named netwitness, run the following command.
sudo useradd -M -d /samba/netwitness -s /usr/sbin/nologin -G netwitness netwitness
Note: The useradd options have the following meanings:
-
M - do not create the user’s home directory. We must manually create this directory.
-
d /samba/netwitness – Set the user’s home directory to /samba/netwitness.
-
s /usr/sbin/nologin – Disable shell access for this user.
-
G netwitness – Add the user to the netwitness group.
5.
Create the user’s home directoryTo create the user’s home directory and set the directory ownership to user netwitness and group netwitness, do the following.
sudo mkdir /samba/netwitness
sudo chown netwitness:netwitness /samba/netwitness/
sudo chmod 2770 /samba/netwitness/
sudo smbpasswd -a netwitness
<use default password i.e. netwitness>
sudo smbpasswd -e netwitness
6.
Configure Samba SharesOpen the Samba configuration file and append the sections. Run the below command.
sudo vi /etc/samba/smb.conf
[global]
workgroup = SAMBA
security = user
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @printadmin root
force group = @printadmin
create mask = 0664
directory mask = 0775
[netwitness]
path = /var/netwitness/malware-analytics-server/spectrum/repository
browseable = no
read only = no
7. Run testparm to verify that the configuration is correct after you modify it.
Once done, restart the Samba services with:
sudo systemctl restart smb.service
sudo systemctl restart nmb.service
SAMBA Client ConfigurationTo receive the Samba file on CentOS 7, do the following.
1.
Connect to a Samba Share from Centos 7Centos users can access the samba share from the command line.
To access the samba share, use the file manager or mount the Samba share.
These configurations will be done on the client side, it could be SA-server or any other centos box.
- Access Samba using the smbclient client
Smbclient tool allows you to access Samba from the command line. The smbclient package is not pre-installed on most centos distros. Therefore, you must install it with your distribution package manager.
a. Add custom external repo to install the required rpms, do the following:
vi /etc/yum.repos.d/samba.repo
b. Enter the below content into samba.repo file
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#released updates
[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
c. To install smbclient package, do the following.
sudo yum install sambaclient
The syntax to access a Samba share is as follows:
smbclient //10.237.174.34/netwitness -U netwitness
smb: > exit
Note: Use Malware host address and the default password 'netwitness'.
2. Mount the Samba share
To mount a Samba share on Linux, first, you need to install the cifs-utils package.
- Run the below command to install the cifs-utils package.
sudo yum install cifs-utils
sudo mkdir /mnt/smbmount
- Mount the share. Run the below command.
sudo mount -t cifs -o username=netwitness //10.237.174.34/netwitness /mnt/smbmount
Note: Use Malware host address and the default password netwitness.
- Check if the new mount has been created. Run the below command.
df -h
- Check if the Malware scanned files are shared here.
ll /mnt/smbmount
3.
Connect to a Samba Share from Windows.Windows users also have an option to connect to the Samba share from both command line and GUI.
To access the share using the Windows File Explorer:
a. Press ctrl+R to open Run window
b. Enter the address of the Samba share in the following format:
\\samba_hostname_or_server_ip\sharename.
\\10.237.174.34\netwitness
Note: Use Malware host address
c. Click Next.
d. Enter the login credentials.
e. Type a custom name for the network location. The default one will be picked up by the Samba server.
f. Click Next.
g. Click Finish.
The files on the Samba server will be shown.