Version 1.2

Added security fix for Samba minimum allowed protocol.
2026-04-19 03:05:34 +00:00 · 2019-02-06 19:45:01 +01:00
parent f951868ba2
commit d76caf0b17
1 changed files with 23 additions and 0 deletions
--- a/security_fixes.sh
+++ b/security_fixes.sh
@@ -18,6 +18,7 @@
 # You can download the latest version of this script from:
 # https://github.com/MiSTer-devel/Scripts_MiSTer

+# Version 1.2 - 2019-02-06 - Added security fix for Samba minimum allowed protocol.
 # Version 1.1.1 - 2019-02-06 - Changed the name of the repository Kernel file to zImage_dtb_socfpga-4.5.
 # Version 1.1 - 2019-02-06 - Checking current Kernel release is 4.5.0-socfpga-r1 before updating it for firewalling/iptables support.
 # Version 1.0.1 - 2019-02-05 - Cosmetic changes.
@@ -226,6 +227,28 @@ else
 	echo "Samba daemon is correctly inactive at startup."
 fi

+echo ""
+if ! cat /etc/samba/smb.conf | grep -q "min protocol"
+then
+	echo "Samba minimum allowed protocol isn't configured;"
+	echo "it should be configured at least for SMB2".
+	read -p "Do you want me to fix it?? [y|n]" -n 1 -r
+	echo ""
+	case "$REPLY" in
+		y|Y)
+			sed '/\[global\]/a\\n   min protocol = SMB2\n' -i /etc/samba/smb.conf
+			sync
+			echo "Now Samba is configured with \"min protocol = SMB2\"."
+			;;
+		*)
+			;;
+	esac
+else
+	echo "Samba minimum allowed protocol is already configured."
+	cat /etc/samba/smb.conf | grep "min protocol"
+	echo "Please be sure it's at least SMB2."
+fi
+
 echo ""
 if { ! iptables -L > /dev/null 2>&1; } || [ ! -f /media/fat/linux/iptables.up.rules ] || [ ! -f /etc/network/if-pre-up.d/iptables ]
 then