Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
samba: disable guest access and anonymous queries
Source: meta-openembedded MR: 00000 Type: Integration Disposition: Merged from meta-openembedded ChangeID: f29dfed Description: Guest accounts for Samba are a known potential vulnerability (see https://www.tenable.com/plugins/nessus/26919) where info about the host can be obtained without proper access. The option "map to guest = bad user" allows login attempts with usernames that don't exist to map to the guest account, while the "restrict anonymous" value (implicitly set to 0 before this patch) would allow any queries to obtain user and group list information. Raise the default security level by setting "restrict anonymous" to "1" and "map to guest" to "never" to avoid providing user/group info to unauthenticated users and reject login attempts with an invalid password, respectively. Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
- Loading branch information