Intruder's good job -- Change my root password


Andrew

Mar 22, 2002, 5:49:26 PM
Can anybody lead me back to my home?
My RH7.2 machine connected to DSL was hacked and the root password was
changed, so I am now shut out of my own home.
I've created myself a full-privilege user account; can I use this account to
change the root password?
How should I set high security, so that a hacker cannot easily intrude?

Can anybody help?! Thanks.

Andrew


Andrew

Mar 22, 2002, 6:02:21 PM
My account user group is set to root. Does it help?

"Andrew" <and...@hotmail.com> wrote in message
news:u9nd7k4...@corp.supernews.com...

Stu

Mar 22, 2002, 6:16:21 PM
If someone got in there is no telling what they did. If you have a backup
of your system you could go in and restore it, but if that's not an option
your best/safest bet is to re-install. As to how to change the root
password, boot into single user mode and run passwd. Using LILO, press
Ctrl+X and type `linux single` at the prompt; for GRUB:

1. If you have a GRUB password configured, type p and enter the password.
2. Select Red Hat Linux with the version of the kernel that you wish to
boot and type e for edit. You will be presented with a list of items in the
configuration file for the title you just selected.
3. Select the line that starts with kernel and type e to edit the line.
4. Go to the end of the line and type single as a separate word (press the
[Spacebar] and then type single). Press [Enter] to exit edit mode.
5. Back at the GRUB screen, type b to boot into single user mode.

But, considering you were hacked, you should probably use the rescue disk to
get in.


Stu


"Andrew" <and...@hotmail.com> wrote in message
news:u9nd7k4...@corp.supernews.com...

David

Mar 22, 2002, 6:36:16 PM


If the system was CRACKED.

At lilo prompt enter: linux 1
When it boots it will be at a root prompt unless the CRACKER put a
password in /etc/lilo.conf

From the root prompt just run: passwd

If and/or when you get back into it, do not put it back on a network or
the internet until you format the drive and do a clean install and it
has been secured. Without doing this you will never be sure you removed
all backdoors the CRACKER may have installed. :-(

Also be sure to get any and all updates the system needs and don't run
and/or install any services you don't need.

Here are a couple of links that might help when you start to secure it.

Armoring Linux
http://www.enteract.com/~lspitz/linux.html

A Guide to Configuring Your Linux Server for Performance, Security, and
Manageability
http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS/cHTML/TrinityOS-c.html

Not a fun task.
Hope this helps.
--
Confucius say: He who play in root, eventually kill tree.
Registered with the Linux Counter. http://counter.li.org
ID # 123538


Michael Heiming

Mar 22, 2002, 7:32:51 PM
Andrew (<u9ne02j...@corp.supernews.com>):

> My account user group is set to root. Does it help?

No

> "Andrew" <and...@hotmail.com> wrote in message
> news:u9nd7k4...@corp.supernews.com...
>> Can anybody lead me back to my home?
>> My RH7.2 connecting to DSL was hacked and changed the root

[...]

Please read the cols FAQ:

5.6) I've been compromised, what should I do?
http://www.linuxsecurity.com/docs/colsfaq.html#5.6


Michael Heiming
PS: Please don't top post
--
Remove the +SIGNS case mail bounces.

Andrew

Mar 22, 2002, 8:05:49 PM
I don't know where the log files are.

Andrew

Mar 22, 2002, 8:46:27 PM

"Stu" <s...@santa-li.com> wrote in message
news:9XOm8.355719$pN4.23...@bin8.nnrp.aus1.giganews.com...

> If someone got in there is no telling what they did. If you have a backup
> of your system you could go in and restore it, but if that's not an option
> you best/safest bet is to re-install. As to how to change the root
> password, boot into single user mode and run passwd. Using Lilo press
> Ctrl+X and type `linux single` at the prompt, for Grub:
>

What is single user mode? I log in as my account, then run passwd. It prompts
me to change my account password. I think I may be going the wrong way.
I didn't set a GRUB password. Then, what should I do?

Stu

Mar 22, 2002, 9:17:28 PM
Single user mode (a.k.a. runlevel 1) means that only one user can be on the
system, that user can access the system using the keyboard and monitor
attached--so, if you boot into single user mode, the user at the keyboard is
assumed to be root, no password is necessary. Then you can change root's
password. As to your second question, if you didn't set up a password for
Grub, then skip #1 and start at #2.

Also, I read in the other thread that you set your account to be in the
group root. That's not a good idea, you can do some real damage with your
personal account now--because you in effect are logging in as root (or as
close to root as you can get). If you need to do administrative tasks you
should su to root, do the tasks, then exit when you are done.


Stu


"Andrew" <and...@hotmail.com> wrote in message

news:u9nnjms...@corp.supernews.com...

Andrew

Mar 22, 2002, 9:28:09 PM
Understand, thanks. I'll try it out now.

"Stu" <s...@santa-li.com> wrote in message

news:YARm8.122907$1g.94...@bin3.nnrp.aus1.giganews.com...

David

Mar 22, 2002, 10:41:30 PM
Andrew wrote:
> I don't know where the logfiles is.
>


They are in: /var/log

Matthew Miller

Mar 22, 2002, 11:03:07 PM
Andrew <and...@hotmail.com> wrote:
>My account user group is set to root. Does it help?

Ooh, don't do that. That could be a security problem in itself.


--
Matthew Miller mat...@mattdm.org <http://www.mattdm.org/>
Boston University Linux ------> <http://linux.bu.edu/>

Bill Unruh

Mar 23, 2002, 12:00:04 AM
In <u9nd7k4...@corp.supernews.com> "Andrew" <and...@hotmail.com> writes:

]Can anybody lead me back to my home?


]My RH7.2 connecting to DSL was hacked and changed the root password, and I
]am now rejected to go back home.
]I've created me a full privilege user account, can I use this account to
]change the root password?
]How should I set high security, so that hacker can not easily intrude?

Disconnect the machine from the net immediately.
Make sure you have a good backup of your home, etc partitions. From
before the break, preferably.
Erase at least / and /usr.
Reinstall.
Recover your stuff in /home.
Make sure you change your passwords, every one of them.
Run
find /home -perm +6000 -ls
Every one of those files is probably a backdoor.
Check them and remove them if so, or if you do not recognize them.

ERA

Mar 23, 2002, 3:46:58 PM
On Fri, 22 Mar 2002 22:49:26 UTC, "Andrew"
<and...@hotmail.com> wrote:

+ Can anybody lead me back to my home? My RH7.2 connecting to DSL was
+ hacked and changed the root password, and I am now rejected to go
+ back home. [...]

NOTE: Proper NG for this is comp.os.linux.security so I have set the
Followup for *this reply* to that group and added that group. When
cross-posting it is proper to always set a specific group for the
Followup messages.

Your Linux, UNIX, etc. box has been cracked. What now?

1. Disconnect the infected system NOW! Don't wait.

2. Get *all* patches for your OS version a.s.a.p. (Now! Today!)

3. Save the patches to another system / drive / CDR / etc.

4. BACKUP ANY DATA YOU NEED TO KEEP.

4a. (Suggested by Pep <PepMo...@netscape.net> 12-21-2001)
Do not include any binary programs in your backup as these
may have been compromised. You should re-install binary
programs and libraries from their original medium.

5. Wipe the OS partition / drive clean.
(You are unlikely to be able to clean up a compromised system by
hand. So, grit your teeth and reformat that sucker.)

5a. (Suggested by Andreas Braeutigam <ab...@freenet.de> 02-26-02)
(This is *not* an exact quote but is a paraphrase)
Reformat may give the wrong impression that a time consuming
format of the entire drive is needed. Rather than reformat
the entire drive wipe out the MBR, partition boot sectors
root partition and any other partition containing executable
files that may be compromised.

6. Reinstall the OS + apps and restore data to the clean partition /
drive.

6a. (Suggested by Bill Unruh <un...@physics.ubc.ca> 12-21-2001)
Then, scan all of the files which you saved for suid
programs:

find / -perm +6000 -ls

6b. (Suggested by Bill Unruh <un...@physics.ubc.ca> 12-21-2001)
Make sure that each of those files which are reported
should actually be suid or sgid.
If they are system files, check them with:

rpm -Vf /name/of/file

If they are in your or others home directories, they almost
certainly should not be suid, especially not suid root.
For example a file in /tmp, or in /usr/share/man should
never be suid root.

6c. (Suggested by Pep <PepMo...@netscape.net> 12-21-2001)
When you restore your backup, check all system configuration
files that are restored for any cracks that may have already
been incorporated into these files.

6d. (Suggested by Bill Staehle <withheld on req.> 01-07-2002)

find / \( -nouser -o -nogroup \) -exec ls -lad {} \;

and if anything turns up, determine _why_ the user and/or
group is not in /etc/passwd and/or /etc/group. Who _really_
owns those files/directories? What are they?

7. WHILE OFFLINE install all the patches.

8. Create your own, unique hidden directory and 'cp' files to it
that are essential to system maintenance like 'ls', 'netstat',
'route', 'ifconfig', 'ps', etc.
(Should you be cracked again, God forbid, as long as you don't
have a compromised kernel this will allow you to use these copies
to "see" what a cracker may have done.)

8a. (Suggested by Andreas Braeutigam <ab...@freenet.de> 02-26-02)
I'd rather store those copies on a separate system or a
non-writeable medium. [like a CD-R, floppy diskette with
write protect on, etc.]


8b. (Suggested by Pep <PepMo...@netscape.net> 12-21-2001)
Check your final installation to see that all known security
bugs have been addressed. There are various utilities that
you can get to help with this, such as port scanners; etc.

8c. (Suggested by Pep <PepMo...@netscape.net> 12-21-2001)
Install some of the security monitors that exist out there.
I can't give you the names of all of these but there are
monitors like portsentry that constantly scan for connections
to your system, also there are other utilities that
constantly check your system logs and ones that constantly
check the system configuration files for any modifications of
content and/or permissions.

8d. (Suggested by Bill Staehle <withheld on req.> 01-01-2002)
[It] would be better if the program files you put into that
hidden directory are statically compiled, and not using the
possibly corrupted dynamic libraries. It also assumes that
the kernel doesn't get messed with. _At this time_ these
concerns are not big, but why not stay ahead?

8e. (Suggested by James Knott <james...@rogers.com> 01-02-02)
Mount as much of your filesystem as possible as read only. If
the crackers can't write to a partition, they can't change
it. Rename and hide su etc. [as suggested in 8].

9. Then, and only then, set the box up to get online.

10. (Suggested by Pep <PepMo...@netscape.net> 12-21-2001)
Finally, design and implement a regular backup procedure,
something you should already have done, so that you can limit
any future problems you might have with your system, whether from
cracking; bad configuration; system failure or simply bad users.

10a. (Suggested by Bill Staehle <withheld on req.> 01-01-2002)
[For further security] you could have another system sitting
off a separate network, that randomly grabs a file off of
this box, and does a file comparison externally. If that
other system is not accepting ANY connections from ANYWHERE,
it makes a better intrusion detection system.

What if you have only one machine with one OS installed? You still
need to disconnect, backup and reinstall. To get the patches ask a
friend or acquaintance with a secured system to help download the
patches. Or see if your OS vendor offers the current patches on CD.
If so, order it.

For further reference see the comp.os.linux.security FAQ:
http://www.linuxsecurity.com/docs/colsfaq.html

Finally, if all this is too much for you to handle alone, consider
hiring an expert to assist you or to do it for you. However, be aware that
hiring a consultant who is able to help will probably *not* be
inexpensive. For Linux and UNIX consultants in your area check these:

http://www.pcunix.com/consultants.html
http://wdb1.caldera.com/sdir_web/owa/ptrLocator.search
http://www.redhat.com/products/purchase_options/find_reseller.html

("-" Suggested by Bill Staehle <withheld on req.> 01-07-2002)
-ftp://ftp.cc.gatech.edu/pub/linux
-ftp://ftp.freesoftware.com/pub/linux/sunsite
-ftp://ftp.flash.net/pub/mirrors/metalab.unc.edu/pub/Linux
-ftp://ftp.yggdrasil.com/mirrors/sunsite
-ftp://ibiblio.org/pub/Linux
-
-Those are anonymous FTP servers. Log in as anonymous, with your
-email address as password, and change to the indicated directory.
-Look for the file "MIRRORS" to find a list of other servers that
-may be more accessible to you. Then continue down from this
-directory to ./docs/linux-doc-project/linux-consultants-guide/
-and get one of the versions of the Consultants-Guide:
-
-Consultants-Guide.html.tar.gz
-Consultants-Guide.pdf
-Consultants-Guide.ps.gz
-Consultants-Guide.sgml.gz
-Consultants-Guide.txt

Certified or Authorized resellers and/or consultants will be the
ones most likely to be able to assist you. Those well versed in
Linux and/or UNIX are usually capable of handling the "lesser OS's"
as well.

Finally, NEVER use the word "hacking" to describe "cracking" as there
is a significant difference between a "cracker" and a "hacker". See:

http://www.tuxedo.org/~esr/jargon/html/entry/cracker.html
http://www.tuxedo.org/~esr/jargon/html/entry/hacker.html

Most of all Good Luck!

Gene <ge...@eracc.hypermart.net>
Caldera Authorized Partner - OpenServer 5+, UnixWare 7+ & OpenLinux
--
Owner and C.E.O. - ERA Computer Consulting - Jackson, TN USA .
OS/2, UnixWare, OpenServer & Linux Business Computing Solutions .
Please visit our www pages at http://eracc.hypermart.net/ .
We run IBM OS/2 v.4.00, Revision 9.036
Sysinfo: 44 Processes, 178 Threads, uptime is 11d 23h 41m 25s 301ms
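
An added example for the checks in 6a, 6b and 6d above (and the `find` in Bill Unruh's earlier post); it is not code from anyone in this thread. It assumes a POSIX sh with GNU find and, optionally, rpm, and takes the directory to audit as its argument.

```shell
#!/bin/sh
# Post-reinstall audit of restored data: setuid/setgid files, their rpm
# status, and files with no valid owner or group. Added example, not from
# the thread. Usage: sh audit.sh /home

# List regular files with the setuid or setgid bit set under a directory.
# "-perm -4000" means "this bit is set", the portable spelling of the
# thread's "-perm +6000". -xdev keeps find on one filesystem.
list_suid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# List files whose owner or group is not in /etc/passwd or /etc/group (6d).
list_unowned_files() {
    find "$1" -xdev \( -nouser -o -nogroup \) 2>/dev/null
}

# Check one setuid file against its package, as in 6b. Prints
# "unpackaged" when no package owns it (very suspect under /home or
# /tmp), "modified" when rpm -Vf reports a change, "ok" when it verifies,
# or "skipped" when rpm is not installed on this machine.
verify_with_rpm() {
    if ! command -v rpm >/dev/null 2>&1; then
        echo skipped; return 0
    fi
    if ! rpm -qf "$1" >/dev/null 2>&1; then
        echo unpackaged; return 0
    fi
    if rpm -Vf "$1" >/dev/null 2>&1; then echo ok; else echo modified; fi
}

# Number of setuid/setgid files under a directory; for /home it should be 0.
count_suid_files() {
    list_suid_files "$1" | wc -l | tr -d ' '
}

# Full report: every setuid/setgid file with its rpm status, then files
# with no valid owner or group.
audit_tree() {
    echo "== setuid/setgid files under $1 =="
    list_suid_files "$1" | while IFS= read -r f; do
        printf '%s\t%s\n' "$(verify_with_rpm "$f")" "$f"
    done
    echo "== files with no valid owner/group under $1 =="
    list_unowned_files "$1"
}

if [ $# -gt 0 ]; then
    audit_tree "$1"
fi
```

Run it against the restored /home and data partitions while the box is still offline; anything setuid under a home directory needs an explanation before the machine goes back on the net.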

Andrew

Mar 23, 2002, 5:05:23 PM
Thanks. What good suggestions!
In the new installation, I first have to disable all the services except the
basic ones. I have another machine connecting to the internet through this Linux
box, which connects to the internet through ADSL. What services do I have to keep
enabled in the setup, so that crackers can't easily crack my server?

Andrew

"ERA" <e...@eracc.hypermart.net> wrote in message
news:gWtomC2dEjRt-pn2-IMudUSJNdJQs@era0...

Jody L. Whitlock

Mar 24, 2002, 8:56:18 PM
What happened to the good old days of Redhat 5.1 and just using the
hosts.allow and hosts.deny files???? Darned, nowadays, Linux is almost as
buggy as Windows! I miss my Slackware, nice, and easy and secure..........

"Andrew" <and...@hotmail.com> wrote in message
news:u9nd7k4...@corp.supernews.com...

Christopher Browne

Mar 24, 2002, 10:08:22 PM
The world rejoiced as "Andrew" <and...@hotmail.com> wrote:
> Can anybody lead me back to my home?
> My RH7.2 connecting to DSL was hacked and changed the root password, and I
> am now rejected to go back home.
> I've created me a full privilege user account, can I use this account to
> change the root password?
> How should I set high security, so that hacker can not easily intrude?

Security is not something you can set "high," "medium," and "low."
The notion of "setting high security" is completely silly.

It is a property that emerges from the design of your system.

What you're likely going to have to do is to:

a) Disconnect your system from the Internet;
b) Figure out what was broken;
c) Reinstall from scratch, making sure that what was broken isn't
anymore.

That doesn't correspond in any meaningful way to "setting high
security."
--
(concatenate 'string "cbbrowne" "@ntlug.org")
http://www3.sympatico.ca/cbbrowne/security.html
"It's like a house of cards that Godzilla has been blundering through."
-- Moon, describing how system messages work on ITS

Andrew

Mar 24, 2002, 11:28:23 PM
Understand.
Then, what do I have to do after reinstalling, so that my machine will not
be so easily cracked again?
Any suggestions? Thanks.

Andrew

Christopher Browne

Mar 24, 2002, 11:40:38 PM
Centuries ago, Nostradamus foresaw when "Andrew" <and...@hotmail.com> would write:
> Understand.
> Then, what do I have to do after reinstalling, so that my machine will not
> be so easily cracked again?
> Any suggestions? Thanks.

You'll have to find what caused it to be cracked in the first place,
and ideally do so _before_ reinstalling. Absent knowledge of what
allowed the crack, it would be disingenuous for me to even hazard a
guess.
--
(concatenate 'string "aa454" "@freenet.carleton.ca")
http://www3.sympatico.ca/cbbrowne/x.html
Rules of the Evil Overlord #34. "I will not turn into a snake. It
never helps." <http://www.eviloverlord.com/>

Andrew

Mar 25, 2002, 1:14:47 AM
No footprints on the snow! Nostradamus should have known a cracker has
to clean up what he's just done before he leaves :-)
Therefore, both the log and the history file are empty. How can I find out
how my home was broken into?
Can you tell me how crackers usually intrude into a server? Thanks.


"Christopher Browne" <cbbr...@acm.org> wrote in message
news:m3zo0x9...@chvatal.cbbrowne.com...

Gertjan Vinkesteijn

Mar 25, 2002, 10:02:52 AM
Dear Andrew,

All the programs that are listed as services under xinetd (they are in
/etc/xinetd.d) are attackable, so we are talking about ftp, telnet, ssh,
samba, nfs, etc.
You can check your services with the program SAINT, the successor to
SATAN; you can obtain it from http://www.wwdsi.com/saint/
Further, you should have a firewall, IPTABLES; during installation you
can set it to light, medium or heavy. Other ipchains or iptables scripts
can be obtained from the net, or from the tarball ADSL4Linux.tar.gz by
anonymous ftp from my computer, gershwin.xs4all.nl, which has a few firewall
scripts; saint.3.1.4.tar.gz can also be obtained from there.
If you have lost your su password, start your computer in single mode:
linux 1, and reset it again. Also, at installation choose MD5 passwords;
then your passwords can be longer than 8 bytes.

-- Gertjan

Andrew wrote:
> No footprints on the snow! Nostradamus should have known a cracker has had
> to clean up what he's just done before he leaves :-)
> Therefore, both log and history file have been empty. How can I know how my
> home has been broken in?
> Can you tell me how crackers usually intrude a server? Thanks.

-------------------------------------------------------------
Please use PGP in sending mail to me, send your public first
mine is an ring-8 rsa key, good for gringo's also, no offense

Andrew

Mar 25, 2002, 12:42:21 PM
Thanks, Gertjan.
Which unnecessary services do I have to disable? But I want to use ssh,
ftp, http, smb. Are these all the unsafe services? How can I use them
safely?
I don't know what an MD5 password is; can you tell me?

Andrew
"Gertjan Vinkesteijn" <pls_use_...@xs4all.nl> wrote in message
news:3C9F3C1C...@xs4all.nl...

c...@bluemouth.localdomain.net

Mar 25, 2002, 1:58:39 PM
"Andrew" <and...@hotmail.com> writes:

> Thanks, Gertjan.
> Which unnecessary services do I have to disable? but I want to use ssh,
> ftp, http, smb. Are these all the unsafe services? How can I use them
> safely?
> I don't know what MD5 password is, can you tell me?
>
> Andrew

There is a 'secure ftp' also, sftp. Don't know about http or smb.

...<snip>...
--
Replace ragwind.localdomain with rahul for a working email address

Jorey Bump

Mar 25, 2002, 7:36:49 PM
Andrew wrote:
> Thanks, Gertjan.
> Which unnecessary services do I have to disable? but I want to use ssh,
> ftp, http, smb. Are these all the unsafe services? How can I use them
> safely?

http://www.bastille-linux.org/jay/killing-daemons.html

Ed Blackman

Mar 25, 2002, 11:11:06 PM
On Mon, 25 Mar 2002 12:42:21 -0500, Andrew wrote:
> Which unnecessary services do I have to disable?

All of the ones that you're not actively using.

> but I want to use ssh, ftp, http, smb. Are these all the unsafe services?

ssh is secure, modulo a few recently discovered bugs. Get the updated
version of the ssh packages from the company that puts out your
distro. Also, don't use protocol version 1 unless you have to. If
you don't know what protocol version 1 is, you're most likely not
using it: edit /etc/ssh/sshd_config and add a line (or change an
existing line) that says "Protocol 2".

ftp is insecure. All of the information you send back and forth is
sent in the clear: anyone with the capability to sniff your network
traffic can easily find out your account name and password. Anonymous
ftp isn't too bad, if you set it up in a chroot jail, but they can be
tricky for a novice to set up and maintain. Why do you want to run an
FTP server? To allow remote downloads by other people? Consider
serving your files via HTTP. To allow remote downloads and uploads by
you? Consider using scp, part of the ssh package. ssh also comes
with sftp, but I haven't used it, and don't know how well it is
supported on the client side.

http (presumably Apache) is moderately secure. The default mode is
clear text, but unauthenticated, so there's little chance of your
account name and password flowing in the clear, unless you
deliberately do so. https isn't that hard to do, if you find some good
documentation (I used the O'Reilly Apache book the first time I set it
up).

I don't know enough about smb to speak authoritatively. But again,
what are you trying to do? Do you want anyone on the Internet to be
able to map a directory you have shared? Probably not.

> I don't know what MD5 password is, can you tell me?

A full explanation would be kind of technical, and might be more
confusing than enlightening. Suffice to say that MD5 passwords allow
you to choose passwords that are more secure than you could if you
used traditional Unix passwords. Most distros these days use them by
default.

Ed
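
An added example (not from Ed or anyone else in the thread) that checks whether an sshd_config still permits protocol version 1 and rewrites it to the `Protocol 2` setting described above. It assumes an OpenSSH of that era whose compiled-in default, taken here as `2,1`, allowed version 1 when no Protocol line is present; pass the path of the file to audit (the post's /etc/ssh/sshd_config, or a copy).

```shell
#!/bin/sh
# Audit and fix the Protocol setting of an sshd_config. Added example,
# not from the thread. Assumes the OpenSSH 3.x default "2,1" applies when
# no Protocol line is present. Usage: sh sshproto.sh /etc/ssh/sshd_config

# Print the effective Protocol value: the first uncommented "Protocol"
# line wins (sshd keeps the first value it reads for a keyword); when
# there is none, the assumed built-in default "2,1".
effective_protocol() {
    v=$(awk 'tolower($1) == "protocol" { print $2; exit }' "$1")
    if [ -n "$v" ]; then echo "$v"; else echo "2,1"; fi
}

# Exit 0 if the file still allows protocol version 1, 1 if only version
# 2 is enabled. The value is a comma-separated list, so wrap it in
# commas and look for ",1,".
allows_protocol1() {
    case ",$(effective_protocol "$1")," in
        *,1,*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Rewrite the file so that exactly one "Protocol 2" line is active: any
# existing Protocol lines are commented out and "Protocol 2" is put at
# the top, where it is the first (hence effective) setting.
force_protocol2() {
    tmp="$1.tmp.$$"
    { echo "Protocol 2"
      sed 's/^[[:space:]]*[Pp]rotocol[[:space:]]/#&/' "$1"
    } > "$tmp" && mv "$tmp" "$1"
}

# Report and, with "fix" as second argument, repair the file.
check_sshd_config() {
    if allows_protocol1 "$1"; then
        echo "$1: protocol 1 allowed (Protocol $(effective_protocol "$1"))"
        [ "${2:-}" = fix ] && force_protocol2 "$1" && echo "$1: set Protocol 2"
    else
        echo "$1: protocol 2 only"
    fi
}

if [ $# -gt 0 ]; then
    check_sshd_config "$@"
fi
```

After changing the file, sshd has to be restarted (or sent SIGHUP) before the new setting takes effect for new connections.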

Andrew

Mar 26, 2002, 2:48:52 PM
Thanks, Ed. Your explanation is well understood.

"Ed Blackman" <ne...@edgewood.to> wrote in message
news:slrna9vt6...@loghyr.farmgate...


> On Mon, 25 Mar 2002 12:42:21 -0500, Andrew wrote:
> > Which unnecessary services do I have to disable?
>
> All of the ones that you're not actively using.
>
> > but I want to use ssh, ftp, http, smb. Are these all the unsafe services?
>
> ssh is secure, modulo a few recently discovered bugs. Get the updated
> version of the ssh packages from the company that puts out your
> distro. Also, don't use protocol version 1 unless you have to. If
> you don't know what protocol version 1 is, you're most likely not
> using it: edit /etc/ssh/sshd_config and add a line (or change an
> existing line) that says "Protocol 2".
>

ssh is the only one I can use now. How can I update it so that it becomes
safe?


> ftp is insecure. All of the information you send back and forth is
> sent in the clear: anyone with the capability to sniff your network
> traffic can easily find out your account name and password. Anonymous
> ftp isn't too bad, if you set it up in a chroot jail, but they can be
> tricky for a novice to set up and maintain. Why do you want to run an
> FTP server? To allow remote downloads by other people? Consider
> serving your files via HTTP. To allow remote downloads and uploads by
> you? Consider using scp, part of the ssh package. ssh also comes
> with sftp, but I haven't used it, and don't know how well it is
> supported on the client side.
>

Running an ftp server is only for my convenience. I can download and upload
something I need when I am remote. How can I make it more secure?
ssh may be better, with sftp, but I don't know how to use it.


> http (presumably Apache) is moderately secure. The default mode is
> clear text, but unauthenticated, so there's little chance of your
> account name and password flowing in the clear, unless you
> deliberately do so. https isn't that hard to do, if you find some good
> documentation (I used the O'Reilly Apache book the first time I set it
> up).
>
> I don't know enough about smb to speak authoritatively. But again,
> what are you trying to do? Do you want anyone on the Internet to be
> able to map a directory you have shared? Probably not.

smb is only for my local access. I don't expect it to be shared over the
internet. If so, it's terrible. Then, how can I share it locally only, but
not over the internet?

Thanks

Nico Kadel-Garcia

Mar 26, 2002, 5:25:23 PM

"Andrew" <and...@hotmail.com> wrote in message
news:ua1k57e...@corp.supernews.com...

> Thanks, Ed. Your explanation is well understood.
>
> "Ed Blackman" <ne...@edgewood.to> wrote in message
> news:slrna9vt6...@loghyr.farmgate...
> > On Mon, 25 Mar 2002 12:42:21 -0500, Andrew wrote:
> > > Which unnecessary services do I have to disable?
> >
> > All of the ones that you're not actively using.
> >
> > > but I want to use ssh, ftp, http, smb. Are these all the unsafe services?
> >
> > ssh is secure, modulo a few recently discovered bugs. Get the updated
> > version of the ssh packages from the company that puts out your
> > distro. Also, don't use protocol version 1 unless you have to. If
> > you don't know what protocol version 1 is, you're most likely not
> > using it: edit /etc/ssh/sshd_config and add a line (or change an
> > existing line) that says "Protocol 2".
> >
>
> ssh is the only one I can use now. How can I update it so that it becomes
> safe?

Update to openssh-3.1p1. Most vendors have published fresh packages for this
as part of their OS updates, especially RedHat.

> > ftp is insecure. All of the information you send back and forth is
> > sent in the clear: anyone with the capability to sniff your network
> > traffic can easily find out your account name and password. Anonymous
> > ftp isn't too bad, if you set it up in a chroot jail, but they can be
> > tricky for a novice to set up and maintain. Why do you want to run an
> > FTP server? To allow remote downloads by other people? Consider
> > serving your files via HTTP. To allow remote downloads and uploads by
> > you? Consider using scp, part of the ssh package. ssh also comes
> > with sftp, but I haven't used it, and don't know how well it is
> > supported on the client side.
> >
>
> To run a ftp server is only for my convenience. I can download and upload
> something I need when being remote. How can I make it more secure?
> ssh may the better to sftp, but I don't know how to use it.

From a Windows client, get and use "winscp2", available from pointers at
www.openssh.org. For UNIX clients, when you install openssh-3.1p1, you will
also get the sftp binary. Use that much as you would a normal ftp client.


> > http (presumably Apache) is moderately secure. The default mode is
> > clear text, but unauthenticated, so there's little chance of your
> > account name and password flowing in the clear, unless you
> > deliberately do so. https isn't that hard to do, if you find some good
> > documentation (I used the O'Reilly Apache book the first time I set it
> > up).
> >
> > I don't know enough about smb to speak authoritatively. But again,
> > what are you trying to do? Do you want anyone on the Internet to be
> > able to map a directory you have shared? Probably not.
>
> smb is only for my local access. I don't expect it can be shared through
> internet. If so, it's terrible. Then, how can I share it for local only,
> but not for internet?
>
> Thanks

Carefully configure your Samba not to permit access from outside your local
network, and make sure that your upstream switch or router blocks the
necessary ports (137 and 139).
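
An added example (not from Nico or anyone else in the thread) that audits an smb.conf for the local-only settings and prints the iptables rules for the DSL-facing interface. The interface name and the 192.168.1.x LAN are assumed placeholders; port 445/tcp is included beyond the post's 137 and 139 because SMB over plain TCP uses it too.

```shell
#!/bin/sh
# Check that Samba only serves the LAN and block NetBIOS/SMB on the
# external interface. Added example, not from the thread.
# Usage: sh smbcheck.sh /etc/samba/smb.conf ; sh smbcheck.sh rules ppp0

# Print the value of one [global] key, given with spaces removed and in
# lower case (e.g. "hostsallow"); prints nothing when it is not set.
smb_global_value() {
    awk -v want="$2" '
        /^[ \t]*[;#]/ { next }                       # comment lines
        /^[ \t]*\[/ { insec = (tolower($0) ~ /\[global\]/); next }
        insec && /=/ {
            key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
            if (tolower(key) == want) {
                val = $0; sub(/^[^=]*=[ \t]*/, "", val)
                sub(/[ \t]+$/, "", val); print val; exit
            }
        }' "$1"
}

# Exit 0 when smb.conf limits clients to listed addresses ("hosts allow")
# and binds only to the listed interfaces; otherwise print what is
# missing and exit 1.
smb_conf_is_local_only() {
    ok=0
    [ -n "$(smb_global_value "$1" hostsallow)" ] ||
        { echo "missing: hosts allow = 127. 192.168.1."; ok=1; }
    [ -n "$(smb_global_value "$1" interfaces)" ] ||
        { echo "missing: interfaces = 127.0.0.1/8 192.168.1.1/24"; ok=1; }
    case "$(smb_global_value "$1" bindinterfacesonly | tr 'A-Z' 'a-z')" in
        yes|true|1) ;;
        *) echo "missing: bind interfaces only = yes"; ok=1 ;;
    esac
    return $ok
}

# Print iptables commands that drop NetBIOS/SMB arriving on the external
# interface (the ADSL side), so a Samba misconfiguration is still not
# reachable from the internet. Shown rather than run; pipe into sh.
smb_firewall_rules() {
    for p in 137 138 139; do
        echo "iptables -A INPUT -i $1 -p udp --dport $p -j DROP"
    done
    for p in 139 445; do
        echo "iptables -A INPUT -i $1 -p tcp --dport $p -j DROP"
    done
}

case "${1:-}" in
    "")    ;;
    rules) smb_firewall_rules "${2:-ppp0}" ;;
    *)     smb_conf_is_local_only "$1" && echo "$1: local-only settings present" ;;
esac
```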


those who know me have no need of my name

Mar 26, 2002, 8:46:46 PM
<ua1k57e...@corp.supernews.com> divulged:

>"Ed Blackman" <ne...@edgewood.to> wrote in message
>news:slrna9vt6...@loghyr.farmgate...

>ssh is the only one I can use now. How can I update it so that it
>becomes safe?

if you have a glibc 2.2 rpm4 based system you can get rpm's from
<ftp://ftp.openbsd.com/pub/OpenBSD/OpenSSH/portable/rpm/RH72>.

but, there is no way to be sure you are safe. you could update, and
tomorrow an exploit might be found which would be just as bad. (i'm not
saying that you should not update, but that updating isn't the only
thing you need to do. you have to keep an eye on things.)

>> ftp is insecure. All of the information you send back and forth is
>> sent in the clear:

this is not true. there are secure ftp implementations, such as those
provided with kerberos or srp.

>> Anonymous
>> ftp isn't too bad, if you set it up in a chroot jail, but they can be
>> tricky for a novice to set up and maintain.

you need to take care here too, beyond getting the jail created
properly. the daemon might contain flaws that allow remote users to
obtain root, and on many systems you can break out of the jail once you
are root.

>To run a ftp server is only for my convenience. I can download and upload
>something I need when being remote. How can I make it more secure?
>ssh may the better to sftp, but I don't know how to use it.

openssh comes with two solutions, scp and sftp. the documentation for
both is part of the package, but in essence to send files to your server
you type ``scp files userid-on-server@server-hostname:'' or to retrieve
files from your server you type ``scp
userid-on-server@server-hostname:files .''. sftp works like ftp.

>> I don't know enough about smb to speak authoritatively. But again,
>> what are you trying to do? Do you want anyone on the Internet to be
>> able to map a directory you have shared? Probably not.
>
>smb is only for my local access. I don't expect it can be shared through
>internet. If so, it's terrible.

if you configured smb correctly then it will require authentication
before allowing access to any resources. data isn't encrypted, so if it
is important that the data remain confidential you should use something
else, e.g., ssh.

--
bringing you boring signatures for 17 years
