Samba Samba die ganze Nacht

samba.org logoWer in seinem Unternehmen heterogene Umgebungen vorfindet ist oftmals gezwungen Brücken zwischen der Linux/Unix Welt und Windows zu schlagen. Hierfür wird gerne der freie und quelloffene Samba Server eingesetzt. Dieser stellt per SMB Protokoll Freigaben bereit.
Nun ist es eine Sache die Windows Kollegen zu hetzen, alte Windows XP Maschinen abzustellen. Die andere Seite der Medaille ist die Absicherung der eigenen Serverdienste. Denn wenn der Linux Server immer noch SMBv1 spricht ist der nächsten WannaCrypt/WannaCry Attacke Tür und Tor geöffnet. Microsoft warnt z.B. im Technet Blog vor dieser Möglichkeit.
Die Abhilfe dagegen ist relativ einfach, man verbiete SMBv1. Die Änderung erfolgt in /etc/samba/smb.conf innerhalb der “global” section.

 [global]
 ...
 #min protocol = SMB2
 client min protocol = SMB2
 server min protocol = SMB2
 ...

 

Christoph Niemann
Christoph Niemann
Senior Consultant

Christoph hat bei uns im Bereich Managed Service begonnen und sich dort intensiv mit dem internen Monitoring auseinandergesetzt. Seit 2011 ist er nun im Consulting aktiv und unterstützt unsere Kunden vor Ort bei größeren Monitoring-Projekten und PERL-Developer-Hells.

Weekly Snap: From Cluster IPs & Intermapper Tips to Virtual Windows XP Mode & New Course Venues

19 – 23 December bid all a Merry Christmas, with handy ideas for network monitoring, simplifying cluster source IP, using Windows XP on Windows 7 and new training course locations.
Martin S started by sharing his secret for fast network troubleshootingIntermapper displays information on the structure, status, data transfer volumes, available bandwidth and potential network problems in real-time on a network map, via SNMP.
Markus N then announced new NETWAYS training venues for 2012. Alongside courses in Nuremberg, “Icinga Availability Monitoring” is now offered in Düsseldorf and “Puppet Configuration Management” in Zurich. “Nagios Availability Monitoring” and “SLA Reporting” classes will now be held at a second Nuremberg venue, at the Park Inn Hotel. What hasn’t changed however, is our training course content and concept – intensive knowledge transfer in small groups, in a casual and hands-on environment.
Following on, Ansgar explained how to run old programs on Windows 7 in XP mode with the help of Windows Virtual PC. As long as the hardware can support the extra virtualization load, both Windows XP mode and Virtual PC can be easily downloaded and installed, alongside the desired, old programs. Thanks to the “seamless mode” and ability to access Windows 7 files, this virtual solution is makes using older applications with the XP look and feel, a breeze.
As a final Xmas contribution, Carsten showed how to change the source address of a cluster with Pacemaker. As he found the existing OCF Resource agent script, known as IPsrcaddr to be somewhat unreliable, Carsten wrote and shared his own. Once his resource agent, IPsrcaddr2 is filed in the right place, configuration of Corosync/Pacemaker a one-liner. It can then be used to set the source IP address of Icinga checks. This is handy in a two-node cluster, as the cluster IP can be used as opposed to setting both IPs in the firewall or NRPE daemons.