The Samba daemon allows system administrators to configure their Linux systems to share file systems and directories with Windows desktops. Samba will advertise the file systems and directories via the Server Message Block (SMB) protocol. SMB v1 is a an insecure protocol that's used as a vector to carry out Wannacry ransomware, so setting SMB2 as min protocol in /etc/samba/smb.conf will not allow SMB v1 for communication between server and client. Fixing this misconfiguration will set SMB2 as min protocol.
Severity
important
Category
Linux - Insecure Services
Resolution
Follow the below steps to resolve the misconfiguration.
Open the samba configuration file /etc/samba/smb.conf and find the [global] section,
then append the following line:
min protocol = SMB2
Potential issues that may arise after applying the resolution
Altering the existing security setting may create the following impact in your network operations. Legacy protocols are present to support operations of legacy applications and services. Disabling them would cause those applications to stop functioning.
Does remediation require reboot?
No
Vulnerability Manager Plus tracks security configurations and remediate misconfigurations in your network systems from a centralized console. View a list of all the security misconfigurations detected by Vulnerability Manager Plus.
