Ah, the Power of Linux!

Thursday, February 2, 2012
So, as a little back story, I am in an Applied Security Concepts class for computers.  In this class, we learn how various attacks work by performing them so that we know how to better defend against them.  The way that we do this, is that we have a computer lab that is built to run multiple virtual networks (completely severed from the Internet) that run with however many virtual machines we need for any given situation.

To be blunt, if we need a new program on these virtual systems, it is a pain, we need to run the virtual system on a VMWare Player, install the program, and then upload the newly changed program onto the network.  And if you want a text file, you must import it as an image, onto each machine MANUALLY.

I have learned something completely awesome that has helped make this task infinitely easier.  Every time I deploy a network of various OSs which I mean to destroy or utilize to destroy the others, I always deploy a CentOS machine.  Why?  It's simple, on CentOS I can build a Samba server for that particular network so that we only need to upload an image with a file once.  Why Samba?  Samba is an server system that allows you to host and serve files from a Linux system to Windows computers.

In other words, instead of adding the files machine by machine, I put the files on CentOS in my server file, from there, all I need to do on the other machines is type in the IP of the CentOS machine (which is easily found under either eth0 or eth1, whichever you have, after inet addr:  when you type in "ifconfig" in the terminal), and voila!  It takes me to the server and I can grab the files and run them back in forth should I feel the need to compile something without having to go through the tedious process of installing MinGW and uploading a new virtual machine.

This is my simple barebones guide, this server will have little security.  Also, as much as I wish I was, I am not a Linux guru, so the IP address in the iptables portion will have to be manually put in unless you know a way in which to grab the current IP address as a variable and put it in that way.  If you do, please let me know how!

From Scratch

Install Samba:

#yum install samba

Change Firewall Specifications to Allow Use of Proper Ports:

in /etc/sysconfig/iptables add these lines of code:

-A INPUT -s serveripaddress/24 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A INPUT -s serveripaddress/24 -m state --state NEW -m udp -p udp --dport 445 -j ACCEPT
-A INPUT -s serveripaddress/24 -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A INPUT -s serveripaddress/24 -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A INPUT -s serveripaddress/24 -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT

Restart iptables:

#service iptables restart

Change Start Up Configuration to Start Samba Automatically:

#chkconfig smb on
#service smb start

Create Group:

#groupadd -g 10000 groupname

Make Directory that Hosts Samba Share:

#mkdir /home/sharename

Work Around SELinux:

#chcon -t samba_share_t /home/sharename

smb.conf File and Edit file with New Definitions:

  #vi /etc/samba/smb.conf

Add these parameters and edit them according to your needs I believe global exists already though:

workgroup = WORKGROUP
server string = samba
security = user/share/domain
passdb backend = tdbsam
load printers = no

comment = comments about share
path = /home/sharename
valid users = (add each with a space)
writable = yes
public = no

test these new definitions for errors:


Restart smb Service to Ensure Changes Are Saved:

#service smb restart

Adding Users:

#useradd -G groupname -u 1000(<--this is the user id, make it unique!) -M -s /sbin/nologin username
#passwd username
type in new password as directions show

create samba account:

#smbpasswd -a username
type in new password

confirm the user was added:
pdbedit -w -L

Log in by going to windows directory page and typing in server ip address