Using fail2ban to stop brute-force attacks on Samba-server?

One of the facilities available on Linux systems, at least under Debian / Jessie and Debian / Stretch, is a package named ‘fail2ban’, which can be configured with ‘root’ privileges on a host-machine to protect specific services against brute-force attacks. This package relies on the ‘iptables’ command-line, but is highly adaptable to give different levels of security. If an attacker has failed too many times to guess the log-in credentials of a given server / user-id, that attacker is banned for a specified amount of time. Because of that ban time, brute-force attacks become ineffective at guessing the log-in.
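The ban mechanism described above, as an added example (not the author's recipe and not fail2ban's own code): a simplified Python model of a jail's `maxretry` / `findtime` / `bantime` logic, run over constructed failed-login events from the documentation address 192.0.2.10. The parameter values, the instant ban and the per-address counters are assumptions of the model.

```python
from collections import defaultdict, deque

def simulate(failures, maxretry=5, findtime=600, bantime=600):
    """Model a fail2ban-style jail.

    failures: iterable of (unix_time, source_ip) failed log-ins, sorted by time.
    Returns (reached, bans): the attempts that actually reached the service,
    and the bans issued as (ip, start, end) tuples.
    """
    recent = defaultdict(deque)  # ip -> failure times still inside findtime
    banned_until = {}            # ip -> time at which the ban expires
    reached, bans = [], []
    for ts, ip in failures:
        if ts < banned_until.get(ip, 0):
            continue             # dropped by the firewall rule, no guess made
        reached.append((ts, ip))
        window = recent[ip]
        window.append(ts)
        # Forget failures older than findtime seconds.
        while window and window[0] <= ts - findtime:
            window.popleft()
        if len(window) >= maxretry:
            banned_until[ip] = ts + bantime
            bans.append((ip, ts, ts + bantime))
            window.clear()       # counter starts fresh after the ban
    return reached, bans

def attacker_day(ip="192.0.2.10"):
    """Constructed input: one wrong guess per second for 24 hours."""
    return [(t, ip) for t in range(86400)]

def slow_typist(ip="192.0.2.20"):
    """Constructed input: five typos, each more than findtime apart."""
    return [(t, ip) for t in (0, 700, 1400, 2100, 2800)]

if __name__ == "__main__":
    reached, bans = simulate(attacker_day())
    print(f"attacker: {len(reached)} of 86400 guesses reached the service, "
          f"{len(bans)} bans")
    reached, bans = simulate(slow_typist())
    print(f"slow typist: {len(reached)} failures, {len(bans)} bans")
```

With these values the attacker gets five guesses per ban cycle instead of one per second, while widely spaced failures from a legitimate user never trigger a ban.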

I have fail2ban set up out-of-the-box to protect my ‘ssh’, my ‘apache’, and my ‘vsftp’ servers. But one fact which many people have lamented is that there is no packaged recipe to protect Samba servers. One reason for this omission is the mere fact that a Samba server should never be exposed to the Internet, i.e., the WAN, only to the LAN.

But just last night it happened to me, that two Android devices were running security software which had recently been updated, and that both these Android devices sounded an alarm simultaneously, indicating that my Home-WiFi had been hacked. I understood that these alarms could have been false-positives at the time, but just in case they were not, I decided to button down access to my computers, which is granted to members of my Home-LAN, even if those members appear to be authenticated into my LAN. One of the tasks which I assigned myself was, to reduce write-access to Samba shares even to authenticated members, by way of Usershares. And another measure which I undertook, was to devise my own recipe, to extend the protection that fail2ban gives, to include Samba servers.

Long story short, the two simultaneous alarms were in fact false-positives, which can be recognized by the fact that on both Android devices, the alarms became silent, as soon as a (very hurried) update was downloaded and installed, only to the security software which was giving the alarms. But now, I seem to have a recipe left over from last night, for securing my Samba server against brute-force attacks, using fail2ban…


Mozilla Printers List continuously Reloads, and alternately shows a Network Printer as Existing and Not.

I recently ran into an error condition, in which on my Linux laptop ‘Klystron’, I had pulled up a Printers List within Firefox, to Print out a Web-page. And the list of available printers kept updating, alternately with a network printer displayed as existing, and with the same printer missing, just over once per second.

I was able to get to the root of this problem.

I had recently installed the package ‘avahi-daemon’ on that laptop, prior to which that error condition did not occur. ‘avahi’ is a service-discovery daemon, which means that it scans the network neighborhood, and makes shared resources visible in the lists of GUI applications, where those resources might normally not be visible under Linux.

The cause of this problem seems to be, that if more than one resource exists by the same name, Firefox will continuously be in a state of confusion, about the fact that both resources should exist side-by-side.

For example, it is possible to have a printer named ‘PIXMA_MX922’, which is a WiFi-printer and which is therefore accessible directly on the LAN, by way of the router. It could be installed directly on all the computers by way of CUPS. But at the same time it is possible to have a server set up which is named ‘Phoenix’, the CUPS service of which has that printer installed directly, as well as having the ‘Samba server’ installed, which offers to share all the local printers as a Samba share by the same name, by default.

Next, if we have a laptop named ‘Klystron’, which is running the ‘avahi-daemon’, then according to its new discovery capabilities, there are at least two printers on the same network:

  • ‘PIXMA_MX922 As installed on the LAN’ and
  • ‘PIXMA_MX922 As belonging to the Samba server Phoenix’

As far as I can tell, the problem here is that both printers will have the same name, because the Samba server serves it out as having the same name it had locally with its own CUPS server. And at that point, the Available Printers List belonging to Firefox becomes unstable.

There is more than one way to solve this problem.
