How to disable CIFS Null Login sessions
In smb.conf, this is what I did:
I added / changed these lines to
# Disables any login with a non-user
map to guest = Never
# Disables recon potential
restrict anonymous = 2
# Not sure exactly what this does, but looked like a good one to set to no
usershare allow guests = no
Then, I also changed any guest_ok lines to no
guest ok = no
Admin
Updated on September 18, 2022
Comments
-
Admin over 1 year
I scanned my servers for vulnerabilities recently and some Ubuntu servers have the following issue: CIFS NULL Session Permitted
Description: NULL sessions allow anonymous users to establish unauthenticated CIFS sessions with Windows or third-party CIFS implementations such as http://www.samba.org or the http://www.opensolaris.org/os/project/cifs-server/. These anonymous users may be able to enumerate local users, groups, servers, shares, domains, domain policies, and may be able to access various MSRPC services through RPC function calls. These services have been historically affected by numerous vulnerabilities.
Which settings do I need to set in my smb.conf file to solve this issue?
-
user7133679 almost 6 years
Oh right, haha, then do
service smbd restart
Then, the vulnerability scanner did not detect the issue anymore. Another way to manually test is to use the net command from Windows to try and do a null session. As far as I can tell, the scanner is looking to see if it can do that or login. dummies.com/programming/networking/…
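Added example, not part of the original answer or of Samba: a small Python audit of smb.conf text against the four settings changed in the answer. It also shows that smb.conf only treats a leading `#` or `;` as a comment, so trailing text on a parameter line becomes part of the value. The function names and sample configurations are constructed for illustration; it assumes Samba's documented defaults for unset parameters and does not handle include files or line continuations.

```python
# Added example: audit smb.conf text for the guest/anonymous settings in the answer.
FALSE_VALUES = {"no", "false", "off", "0"}

def parse_smb_conf(text):
    """Return {section: {param: value}}; names compared without case or spaces."""
    sections, current = {}, "global"  # simplification: pre-header lines count as global
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # only a leading # or ; starts a comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        name, sep, value = line.partition("=")
        if sep:
            key = "".join(name.split()).lower()
            sections.setdefault(current, {})[key] = value.strip().lower()
    return sections

def audit(text):
    """List settings that differ from the values the answer sets."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    findings = []
    if glob.get("maptoguest", "never") != "never":
        findings.append("[global] map to guest is not Never")
    if glob.get("restrictanonymous", "0") != "2":  # 0 when unset
        findings.append("[global] restrict anonymous is not 2")
    if glob.get("usershareallowguests", "no") not in FALSE_VALUES:
        findings.append("[global] usershare allow guests is not no")
    for section, params in conf.items():
        for key in ("guestok", "public"):  # public is a synonym of guest ok
            if params.get(key, "no") not in FALSE_VALUES:
                findings.append(f"[{section}] guest ok is not no")
    return findings

# Constructed sample configurations (not taken from the page).
WEAK = "[global]\nmap to guest = Bad User\nusershare allow guests = yes\n[share]\npath = /srv/share\nguest ok = yes\n"
HARDENED = "[global]\nmap to guest = Never\nrestrict anonymous = 2\nusershare allow guests = no\n[share]\nguest ok = no\n"
INLINE = "[global]\nmap to guest = Never # trailing text becomes part of the value\nrestrict anonymous = 2\n"

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED), ("inline", INLINE)):
        print(label, audit(sample))
```

On a real host, `testparm -s` prints the configuration Samba actually loaded, which is the authoritative view to compare against.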