Samba [SOLVED]
#1
Hello,

this week there were quite a few updates for Samba.

I noticed tonight when checking UFW, there were Samba rules that bypass the default Deny incoming, by having an "allow connections from ANYWHERE" in capitals like this from a range of ports.

Ufw would not allow editing of this rule saying Ufw had made the rule.

I removed these rules, rebooted, and checked again whether they had been enabled on startup; they are currently not enabled. I will keep an eye on it.

I would suggest everyone checks their current ufw status to ensure it is not allowing access from anywhere to their system since these updates from Ubuntu.
Reply
#2
Thank you. Please advise where I can find the procedure for checking this?



UPDATE
Have installed latest updates just now.

menu/settings/Firewall configuration    Status On    DENY Incoming    ALLOW outgoing    RULES -  BLANK

Therefore presume my pc has not been vulnerable? as no rules evident

Is that a correct assumption??
2006 - HP DC7700p ultraslim Desktop Intel 6300 cpu  4GB Ram LL3.8 64bit.
2007 - Fujitsu Siemens V3405 Laptop  2 GB Ram LL3.6 32bit. Now 32bit Debian 9 + nonfree.
2006 - Fujitsu Siemens Si1520 Laptop Intel T720 cpu 3GB Ram   LL5.6 64 Bit
2014 - Fujitsu Siemens Lifebook E754 Intel i7 4712MQ 16GB Ram LL6.6
2003 - RETIRED Toshiba Satellite Pro A10 1 GB RAM LL2.8 32bit
Reply
#3
I noticed it first when checking this way in terminal

Code:
sudo ufw status verbose

You can find more details of it at https://help.ubuntu.com/community/UFW

I then checked graphically  Menu>Settings>Firewall Configuration
entered password.
In the GUI clicked the tab "Rules" and saw the two rules that had been added.
I used the Minus symbol at the base of GUI to remove them.

I also went back to terminal for help on those before deleting rules, there were 6 active connections, 4 dropped whilst I was checking it, 2 remained until after the rules were deleted and until I restarted the computer. I have seen no connections in checks since.

I am unsure if it is related to those connections/rules, or whether it is currently being upgraded, or whether it was attacked, but the help manual in the main menu does not work now; when clicked it now opens and displays as a text document file on the desktop, showing the html and css.

I will look around the computer tonight and see if I can find any other changes.
Reply
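
The check described in post #3, as an added example that is not part of the original thread: a small script that reads `ufw status verbose` output and lists any inbound rule open to every source address. The sample output is constructed for illustration, and the function names (`open_rules`, `default_incoming`, `audit`) are hypothetical.

```shell
#!/bin/sh
# Added example: audit ufw status output for inbound rules open to any source.

# Constructed sample output (not captured from any poster's machine).
sample_status() {
cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
137,138/udp (Samba)        ALLOW IN    Anywhere
139,445/tcp (Samba)        ALLOW IN    Anywhere
22/tcp                     ALLOW IN    192.168.1.0/24
137,138/udp (Samba (v6))   ALLOW IN    Anywhere (v6)
EOF
}

# Print every rule that accepts inbound traffic from any source address.
# Reads ufw status text on stdin; handles both plain and verbose output.
open_rules() {
    awk '
        /^--/ { in_rules = 1; next }    # rule table starts after the dashes
        in_rules && /ALLOW( IN)? +Anywhere/ { print }
    '
}

# Print the default incoming policy (deny, reject or allow).
default_incoming() {
    sed -n 's/^Default: \([a-z]*\) (incoming).*/\1/p'
}

# Return 0 when no rule is open to any source, 1 otherwise.
audit() {
    text=$(cat)
    hits=$(printf '%s\n' "$text" | open_rules)
    echo "default incoming: $(printf '%s\n' "$text" | default_incoming)"
    if [ -n "$hits" ]; then
        echo "rules open to any source:"
        printf '%s\n' "$hits"
        return 1
    fi
    echo "no rules open to any source"
}

# On a real system: sudo ufw status verbose | audit
sample_status | audit || true
```

A rule limited to a LAN range, like the constructed `192.168.1.0/24` line, is not reported; only rules whose source is `Anywhere` are.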
#4
(04-23-2017, 08:36 AM)newtusmaximus link Wrote: Thank you. Please advise where I can find the procedure for checking this?



UPDATE
Have installed latest updates just now.

menu/settings/Firewall configuration    Status On    DENY Incoming    ALLOW outgoing    RULES -  BLANK

Therefore presume my pc has not been vulnerable? as no rules evident

Is that a correct assumption??

Yes, this sounds good, it is how it should look.

Keep in mind I check for updates several times per session, first thing after startup, before shutdown, and during the session etc.
Does your help manual in the main menu work currently?
Reply
#5
Good catch, bitsnpcs. My ufw was in the same open state, whereas before (with LL 3.2, I didn't check after the 3.4 upgrade) I only allowed access from the LAN here.
Reply
#6
Hello paul1149,

I am glad it was helpful.
Reply
#7
bitsnpcs,

HP dc7700p LL3.4 64bit

A )SAMBA  Help seems to be working OK , also all links correct    via menu/setting/  Config. Firewall

Terminal

-HP-Compaq-dc7700p-Ultra-slim-Desktop:~$  sudo ufw status verbose
[sudo] password for lHP-Compaq:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
HP-Compaq-dc7700p-Ultra-slim-Desktop:~$

Not sure what the significance of "New profiles - Skip" is.

Assuming my pc is not affected, then why yours and others?? I am updating regularly as notified.
Reply
#8
In UFW I don't have any added rules in either x32 or x64 copies of Linux Lite 3.6. Both my 32 & 64bit LL's are fresh installs. Even though you can upgrade I usually do a fresh install. Only because I have the time & for no other reason. Using my HP Compaq 7900's right now. This is an interesting one.
Reply
#9
Just checked the two family laptops after updates. Neither shows any additional scripts. The V3405 route was a fresh install of 3.2 32 bit, eventually upgraded to 3.4 32 bit. The Si1520 was a fresh install of 3.4 64bit.
Reply
#10
Hello newtusmaximus,

in the

Code:
man ufw

under the "Application Integration" section it says the new profiles skip. My understanding (which may be wrong) is that -
1/ you can add rules to allow the applications to pass the firewall.
2/ without adding the specific rule to allow an application, "ufw allow <app name>", the default is to skip the process of adding new rules for applications.

I think it means for example if a rogue app decided to add its own rules to bypass the firewall it wouldn't allow this, as the sudo user has not entered the rule specifying the app/software by name in terminal?

I don't know why it has happened to mine and others, yet not yours, but it's good it didn't happen.


Hello Ottawagrant,

Good to read you have not had the rules added.

I also have not added any rules, there were only the default rules until these appeared.
I have done both ways, upgrading in the 2.n series. A clean install in 3 series, as I had first installed quite soon before the next version.

In the Install Updates last week there was almost a full GUI of Samba updates from Ubuntu repo, I think 1 or 2 lines short of a full window.
If it was something that came down in the Ubuntu repo updates, would this have gone out to every distro based on Ubuntu?
Reply