====== Network Services Overview SMB ======

**General Information**

This page covers the Network Services objectives, specifically for Samba (which uses the Server Message Block protocol, or SMB).

**Network Services Objectives**
  * Install the packages needed to provide the service
  * Configure SELinux to support the service
  * Use SELinux port labeling to allow services to use non-standard ports
  * Configure the service to start when the system is booted
  * Configure the service for basic operation
  * Configure host-based and user-based security for the service

----

====== Lab Setup ======

The following virtual machines will be used:
  * server1.example.com (192.168.1.150) -> Perform all SMB client tests from here
  * server2.example.com (192.168.1.151) -> Install the Samba Server here

----

====== Install the packages needed to provide the service ======

Install the service (server)
<code bash>
yum install samba samba-client
</code>
  * samba -> samba server
  * samba-client -> samba client utilities

Install the service (client)
<code bash>
yum install samba-client cifs-utils
</code>
  * samba-client -> samba client utilities
  * cifs-utils -> includes command needed to mount remote SMB shares

----

====== Configure SELinux to support the service ======

  * Service agnostic -> [[linux_wiki:set_enforcing_and_permissive_modes_for_selinux|Ensure SELinux is running and enabled (RHCSA objective)]].
  * **IMPORTANT**: View all label types
<code bash>
# Install package
yum install setools-console

# View all label types
seinfo -t

# Find Samba/SMB types
seinfo -t | grep samba
seinfo -t | grep smb
</code>

----

====== Use SELinux port labeling to allow services to use non-standard ports ======

Configuring the service with a non-standard port and allowing port access with SELinux.

**NOTE**: "man semanage-port" has examples for allowing non-standard ports!

----

====== Configure the service to start when the system is booted ======

Check Current Service Status
<code bash>
systemctl status smb
</code>
  * Also displays if the service is enabled or disabled
\\
Enabling a service to start on boot
<code bash>
systemctl enable smb
</code>

----

====== Configure the service for basic operation ======

Enable and Start the service
<code bash>
systemctl enable smb
systemctl start smb
</code>

----

====== Configure host-based and user-based security for the service ======

===== Firewall =====

Allow access through the firewall
<code bash>
firewall-cmd --permanent --add-service=samba
firewall-cmd --reload
</code>

===== Host Based =====

Main Samba config
<code bash>
vim /etc/samba/smb.conf

[global]
hosts allow = 192.168.1.
</code>
  * Allows all hosts in the 192.168.1.x network
  * The allow list overrides deny lists (if any exist and they conflict)

===== User Based =====

Main Samba config
<code bash>
vim /etc/samba/smb.conf

[share]
valid users = dvader, yoda
write list = dvader
read list = yoda
</code>
  * valid users -> allowed to log in to the service
  * write list -> users that can write, even if the share is set to read only
  * read list -> users that can read

----
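An added example (not part of the original page): a small Python check that reads smb.conf text and reports what the host-based and user-based settings above actually grant to a given user. The ''[open]'' share, the ''read only'' line, the ''/srv/open'' path and all function names are assumptions made for the example; group entries (''@group''), ''invalid users'' and per-share ''hosts allow'' are not evaluated.

```python
import configparser

# Constructed sample: the page's host-based and user-based settings in one file,
# plus a hypothetical [open] share that carries no user restrictions.
SAMPLE = """
[global]
hosts allow = 192.168.1.

[share]
read only = yes
valid users = dvader, yoda
write list = dvader
read list = yoda

[open]
path = /srv/open
"""

def load(text):
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return cp

def _users(section, key):
    # Samba accepts names separated by commas and/or whitespace.
    return set(section.get(key, "").replace(",", " ").split())

def access(cp, share, user):
    """Return 'none', 'read' or 'write' for a plain user name.
    Assumption: @group entries and 'invalid users' are not evaluated."""
    s = cp[share]
    valid = _users(s, "valid users")
    if valid and user not in valid:
        return "none"                      # non-empty valid users is an allow list
    if user in _users(s, "write list"):
        return "write"                     # wins even when read only = yes
    if user in _users(s, "read list"):
        return "read"
    read_only = s.get("read only", "yes").strip().lower() in ("yes", "true", "1")
    return "read" if read_only else "write"

def findings(cp):
    out = []
    if not cp.has_option("global", "hosts allow"):
        out.append("global: no 'hosts allow'")
    for name in cp.sections():
        if name != "global" and not _users(cp[name], "valid users"):
            out.append(f"{name}: no 'valid users', any authenticated user may connect")
    return out
```

Run ''findings(load(open("/etc/samba/smb.conf").read()))'' on the server to list shares that still lack a user restriction.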