Samba is a Linux/UNIX software package that allows you to share files and directories with computers running other operating systems over the network. It also allows your Linux desktop or laptop to sign into a Windows network and be able to share files inside a workgroup. There are several advanced features that Samba comes with, such as domain controller. We will look at how to convert your Ubuntu box into a Samba file server and configure it to share directories with different combinations of permissions.

01 Prerequisites
When setting up a Linux file server, there are certain things that you will to have set up on your server before you start working on the Samba bit. The first thing you want to do is to set up the server with a static IP address, as opposed to one assigned dynamically by a DHCP server. Edit the file ‘/etc/network/interfaces’ with root user privileges and set the IP address manually. An example of the settings would be using something like the following:

auto eth1
 iface eth1 inet static
 address 192.168.1.3
 gateway 192.168.1.1
 netmask 255.255.255.0
 network 192.168.1.0
 broadcast 192.168.1.255

Using a static IP for any type of server makes good sense. Save the changes and restart the network with the command ‘# sudo /etc/init.d/networking restart’.

02 Installing Samba
Distributions such as Ubuntu have made the installation of just about anything so simple and straightforward with smart package management that you can have pretty much any software installed with a one-line command. To install Samba on your Ubuntu computer, execute the following:

# sudo apt-get update
# sudo apt-get install libcupsys2 samba samba-common

Here we are requesting Ubuntu to install three packages. The first one is to share your printer, the other two are Samba and its support packages.

03 Configuration file
The configuration files of Samba are stored in the ‘/etc/samba/’ directory. The first thing you should do before we dive into the configuration of Samba is to make a backup of the main configuration file.

# cp /etc/samba/smb.conf /etc/samba/smb.conf.bak

Now open the file with your favourite text editor and let’s make some configuration changes:

# sudo vim /etc/samba/smb.conf

Next Page

Advisor:
Kunal Deo

Resources:
eBox installer

Linux is an excellent choice for a server operating system, no matter what the size of business. However, it is still not very easy to administrate. Recently many distributions have launched their own interface to configure these server components (like Apache and Samba), but really failed at delivering an easy-to-use interface to configure it. That alone turns off many SMB (small and medium business) folks. eBox is trying to fix this particular issue. eBox (or eBox Platform, to give it its full name) can play multiple roles. It can act as a network gateway, an infrastructure manager, a unified threat manager, an office server, a unified communication server or a combination of any of these. eBox is delivering these functions using already popular open source software with a solid administration interface.

As of the current release of eBox (1.2), eBox ships with the following profiles…
eBox Office: File server, print server and groupware server. eBox Office includes ebox-samba, ebox-printers, ebox-egroupware, ebox-antivirus, ebox-ebackup, ebox-software and ebox-monitor.
eBox Communication: Mail server, chat server and VOIP server. eBox Communication includes ebox-mail, ebox-jabber, ebox-asterisk, ebox-mailfilter, ebox-antivirus, ebox-ebackup, ebox-software and ebox-monitor.
eBox Security: Proxy server, intrusion detection system, firewall system and VPN server. eBox Security includes ebox-firewall, ebox-ids, ebox-squid, ebox-openvpn, ebox-mailfilter, ebox-antivirus, ebox-ebackup, ebox-software and ebox-monitor.
eBox Gateway: Proxy server and firewall system. eBox Gateway includes ebox-network, ebox-squid, ebox-firewall, ebox-trafficshaping, ebox-l7-protocols, ebox-ebackup, ebox-software and ebox-monitor.
eBox Infrastructure: DHCP server, DNS server, web server, and NTP server. eBox Infrastructure includes ebox-network, ebox-dhcp, ebox-dns, ebox-openvpn, ebox-webserver, ebox-ntp, ebox-ebackup, ebox-software and ebox-monitor.

Advisor:

Resources:
moblock (or here for Debian/Ubuntu users)
blockcontrol
mobloquer

MoBlock is an open source application for the Linux platform that allows you to manage connections to and from your computer. If you have used or heard of the program PeerGuardian, MoBlock has a pretty similar function. The project caters to advanced Linux users and allows them fine-grain control over which hosts are allowed to connect to your computer and which hosts can be connected from the machine. We’ll look at how to install, configure and monitor MoBlock on your Linux machine.

Installation
01 The installation of MoBlock is pretty straightforward for users of Ubuntu Linux. Ubuntu has had MoBlock available in its package management systems for some time now. You will need to add a new set of repositories to download and install MoBlock and the other supporting tools with ‘apt-get’. As a first step, you need to add GPG keys.

For Hardy and Intrepid, type the following lines in a terminal window:

gpg –keyserver wwwkeys.eu.pgp.net –recv 58712F29
gpg –export –armor 58712F29 | sudo apt-key add -

For Jaunty and later versions, type the following lines in the terminal window:

gpg –keyserver keyserver.ubuntu.com –recv 9C0042C8
gpg –export –armor 9C0042C8 | sudo apt-key add -

02 Now edit the ‘apt-get’ source file and add the following repository entries. Run the command ‘# sudo vim /etc/apt/sources.list’ to edit the file.

If you are running Ubuntu 9.10 (Karmic Koala), add the following lines:

deb http://ppa.launchpad.net/jre-phoenix/ppa/ubuntu karmic main
deb-src http://ppa.launchpad.net/jre-phoenix/ppa/ubuntu karmic main

For Ubuntu 9.04 (Jaunty Jackalope), instead add this:

deb http://ppa.launchpad.net/jre-phoenix/ppa/ubuntu jaunty main
deb-src http://ppa.launchpad.net/jre-phoenix/ppa/ubuntu jaunty main

For other versions, please read the instructions in the Ubuntu documentation.

Advisor:
Swayam Prakasha

Everyone understands how critical TCP/IP (Transmission Control Protocol / Internet Protocol) is, but fails to realise the fact that the TCP/IP suite relies on many functions provided by ICMP (Internet Control Message Protocol). ICMP is one of the core protocols of the IP suite. It a network-layer protocol that is primarily concerned with routing issues.

With the help of this protocol, routers are able to send error or control information to their hosts. This protocol is of great help for system administrators, as it aids in testing for the connectivity and searching for the configuration errors in a network. Let us see an example of how ICMP facilitates this. When a router is not able to forward a datagram, it informs the original source about this error, and does not specify what action needs to be taken to overcome the error. It is up to the source to take the necessary action in order to correct the problem. It is important to notice here that ICMP cannot be used to inform the intermediate routers when a problem occurs. This is basically because a datagram contains fields that specify the original source and the ultimate destination. So when a router gets a datagram, it does not know the path taken by the datagram to arrive there. Instead of discarding a datagram when an error occurs, it informs the source from which the datagram originated. Hence the connectivity and configuration of a network is easily tested.

ICMP is a classic example of a client-server application. The fundamental purpose of this protocol is to report problems with the delivery of IP datagrams. The protocol is also frequently used by internet managers to verify correct operations of End Systems (ES) and to check that routers are correctly routing packets to the specified destination address. It is the responsibility of the network-layer protocol to ensure that the ICMP message is sent to the correct destination. This is achieved by setting the destination address of the IP packet carrying the ICMP message. The source address is set to the address of the computer that generated the IP packet (carried in the IP source address field) and the IP protocol type is set to ‘ICMP’ to indicate that the packet is to be handled by the remote end system’s ICMP client interface.

Functions provided by ICMP
The following are some of the functions provided by this protocol:

1. Announce network errors
Such as a host or entire portion of the network being unreachable, due to some type of failure. A TCP or UDP packet directed at a port number with no receiver attached is also reported via ICMP.

2. Announce network congestion
When a router begins buffering too many packets, due to an inability to transmit them as fast as they are being received, it will generate ICMP source quench messages. Directed at the sender, these messages should cause the rate of packet transmission to be slowed. Of course, generating too many source quench messages would cause even more network congestion, so they are used sparingly.

3. Assisting in troubleshooting
ICMP supports an echo function, which just sends a packet on a round trip between two hosts. Ping, a common network management tool, is based on this feature. Ping will transmit a series of packets, measuring average round-trip times and computing loss percentages.

4. Announcing timeouts
If an IP packet’s TTL (time to live) field drops to zero, the router discarding the packet will often generate an ICMP packet announcing this fact. Traceroute is a tool which maps network routes by sending packets with small TTL values and watching the ICMP timeout announcements.

ICMP messages are sent in various situations. Some of the familiar situations are when a datagram cannot reach the destination, when the gateway can direct the host to send traffic on a shorter route etc. It is important to understand here that the purpose of these control messages is to provide feedback about the problems in the environment. Typically, ICMP messages report errors in the processing
of datagrams.

ICMP packets are handled in the same way as any other data packet. However, ICMP packets do not include source and destination ports. A special signature called ‘type of message’ is included in these packets and this message type indicates the purpose of the ICMP packet. In fact, ICMP is essentially just a collection of predefined messages, each of which provides very specific functionality. It is to be observed here that ICMP packet delivery is unreliable – which means hosts can not count on receiving ICMP messages for any problems happening over a network.

Swayam Prakasha explains the types of attacks that could happen over a network and their preventive measures. He also takes a look at various means of securing a web server

Advisor:
Swayam Prakasha has been working in information technology for several years, concentrating on areas such as operating systems, networking, network security, electronic commerce, internet services, LDAP and web servers. Swayam has authored a number of articles for trade publications, and he presents his own papers at industry conferences.

Network and information security refers to the confidence that unauthorised users cannot access the information and services available on a network. Security implies safety. It assumes data integrity, freedom from unauthorised access of resources and freedom from disruption of services. As far as security is concerned, we need to protect both physical and abstract resources, such as information. Protecting the latter is more difficult.
Information security is concerned with three main areas: confidentiality (information should be available only to those who rightfully have access to it), integrity (information should be modified only by those who are authorised to do so) and availability (information should be accessible to those who need it when they need it).

Authentication attack
On the internet, where data passes across intermediate routers and networks, source authentication can be easily attacked at one of the intermediate routers. For example, an impostor can gain control of a router, ‘R’, that lies between a valid client and a server. He can then alter the routes in R to direct return traffic to him and generate a request using the authorised client’s address as a source address. The server will, in this case, accept the request and send the reply to the authorized client. When it reaches R, the reply will be forwarded along the incorrect route to the impostor.

The above example illustrates the need for the server and client to not communicate with impostors. One way of ensuring this is to use the authentication mechanism (also known as IP address authentication). This is a simple security mechanism to verify identification. Here, a server is configured with a list of valid IP source addresses. And when a request arrives, the server makes sure that it’s from a valid client by matching the client’s IP address with the ones in the configured list. Only if the client is authorised does the server grant it the service requested for.

Another method is the public-key encryption mechanism. In this case, we will be using a pair of keys: a public key and a private key. The sender using the public key of the receiver will encrypt the message and when the receiver receives it, he decrypts it using his private key (which only he knows). Thus the sender can make sure that only the intended receiver will receive the message. The public key encryption can be used for authentication, confidentiality and integrity of the messages.

Top Vulnerabilities
1. Default installations of operating system and applications
2. Accounts with no password or weak password
3. Non-existent or incomplete backup
4. A large number of open ports
5. Not filtering packets for correct incoming and outgoing addresses
6. Non-existent or incomplete logging
7. Vulnerable CGI programs
8. Sendmail vulnerabilities
9. BIND weaknesses