Differences
This shows you the differences between two versions of the page.
linux_wiki:network_services_overview_smb [2016/10/08 18:01] billdozor | linux_wiki:network_services_overview_smb [2019/05/25 23:50] | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Network Services Overview SMB ====== | ||
- | |||
- | **General Information** | ||
- | |||
- | This page covers the Network Services objectives, specifically for samba (which uses the server message block protocol, or SMB). | ||
- | |||
- | **Network Services Objectives** | ||
- | * Install the packages needed to provide the service | ||
- | * Configure SELinux to support the service | ||
- | * Use SELinux port labeling to allow services to use non-standard ports | ||
- | * Configure the service to start when the system is booted | ||
- | * Configure the service for basic operation | ||
- | * Configure host-based and user-based security for the service | ||
- | |||
- | ---- | ||
- | |||
- | ====== Lab Setup ====== | ||
- | |||
- | The following virtual machines will be used: | ||
- | * server1.example.com (192.168.1.150) -> Perform all SMB client tests from here | ||
- | * server2.example.com (192.168.1.151) -> Install the Samba Server here | ||
- | |||
- | ---- | ||
- | |||
- | ====== Install the packages needed to provide the service ====== | ||
- | |||
- | Install the service (server) | ||
- | <code bash> | ||
- | yum install samba samba-client | ||
- | </ | ||
- | * samba -> samba server | ||
- | * samba-client -> samba client utilities | ||
- | |||
- | Install the service (client) | ||
- | <code bash> | ||
- | yum install samba-client cifs-utils | ||
- | </ | ||
- | * samba-client -> samba client utilities | ||
- | * cifs-utils -> includes command needed to mount remote SMB shares | ||
- | |||
- | ---- | ||
- | |||
- | ====== Configure SELinux to support the service ====== | ||
- | |||
- | * Service agnostic -> [[linux_wiki: | ||
- | |||
- | ---- | ||
- | |||
- | ====== Use SELinux port labeling to allow services to use non-standard ports ====== | ||
- | |||
- | Configuring the < | ||
- | |||
- | **NOTE**: "man semanage-port" | ||
- | |||
- | ---- | ||
- | |||
- | ====== Configure the service to start when the system is booted ====== | ||
- | |||
- | Check Current Service Status | ||
- | <code bash> | ||
- | systemctl status smb | ||
- | </ | ||
- | * Also displays if the service is enabled or disabled | ||
- | |||
- | \\ | ||
- | Enabling a service to start on boot | ||
- | <code bash> | ||
- | systemctl enable smb | ||
- | </ | ||
- | |||
- | ---- | ||
- | |||
- | ====== Configure the service for basic operation ====== | ||
- | |||
- | Enable and Start the service | ||
- | <code bash> | ||
- | systemctl enable smb | ||
- | systemctl start smb | ||
- | </ | ||
- | |||
- | ---- | ||
- | |||
- | ====== Configure host-based and user-based security for the service ====== | ||
- | |||
- | ===== Firewall ===== | ||
- | |||
- | Allow access through the firewall | ||
- | <code bash> | ||
- | firewall-cmd --permanent --add-service=samba | ||
- | firewall-cmd --reload | ||
- | </ | ||
- | |||
- | ===== Host Based ===== | ||
- | |||
- | Main samba config | ||
- | <code bash> | ||
- | vim / | ||
- | |||
- | [global] | ||
- | hosts allow = 192.168.1. | ||
- | </ | ||
- | * Allows all hosts in the 192.168.1.x network | ||
- | * Allow list over rides deny lists (if any and they conflict) | ||
- | ===== User Based ===== | ||
- | |||
- | Main samba config | ||
- | <code bash> | ||
- | vim / | ||
- | |||
- | [share] | ||
- | valid users = dvader, yoda | ||
- | write list = dvader | ||
- | read list = yoda | ||
- | </ | ||
- | * valid users -> allowed to login to the service | ||
- | * write list -> users that can write, even if the share is set to read only | ||
- | * read list -> users that can read | ||
- | |||
- | ---- | ||
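Review bot: the removal that begins at Line 1 takes out every section of the page, and the 2019/05/25 23:50 side carries neither replacement text nor a pointer to where the material went, so the Firewall, Host Based and User Based security sections disappear with nothing in their place. If the content was moved, leave a link or redirect on this page; if it was retired as outdated, say so on the page itself so readers who followed the `hosts allow = 192.168.1.` and `valid users = dvader, yoda` settings know whether they still apply.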