From d76caf0b17dc6f1ea900b202577911bd86a6036a Mon Sep 17 00:00:00 2001 From: Locutus73 Date: Wed, 6 Feb 2019 19:45:01 +0100 Subject: [PATCH] Version 1.2 Added security fix for Samba minimum allowed protocol. --- security_fixes.sh | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/security_fixes.sh b/security_fixes.sh index 0110f9d..333bae2 100644 --- a/security_fixes.sh +++ b/security_fixes.sh @@ -18,6 +18,7 @@ # You can download the latest version of this script from: # https://github.com/MiSTer-devel/Scripts_MiSTer +# Version 1.2 - 2019-02-06 - Added security fix for Samba minimum allowed protocol. # Version 1.1.1 - 2019-02-06 - Changed the name of the repository Kernel file to zImage_dtb_socfpga-4.5. # Version 1.1 - 2019-02-06 - Checking current Kernel release is 4.5.0-socfpga-r1 before updating it for firewalling/iptables support. # Version 1.0.1 - 2019-02-05 - Cosmetic changes. @@ -226,6 +227,28 @@ else echo "Samba daemon is correctly inactive at startup." fi +echo "" +if ! cat /etc/samba/smb.conf | grep -q "min protocol" +then + echo "Samba minimum allowed protocol isn't configured;" + echo "it should be configured at least for SMB2". + read -p "Do you want me to fix it?? [y|n]" -n 1 -r + echo "" + case "$REPLY" in + y|Y) + sed '/\[global\]/a\\n min protocol = SMB2\n' -i /etc/samba/smb.conf + sync + echo "Now Samba is configured with \"min protocol = SMB2\"." + ;; + *) + ;; + esac +else + echo "Samba minimum allowed protocol is already configured." + cat /etc/samba/smb.conf | grep "min protocol" + echo "Please be sure it's at least SMB2." +fi + echo "" if { ! iptables -L > /dev/null 2>&1; } || [ ! -f /media/fat/linux/iptables.up.rules ] || [ ! -f /etc/network/if-pre-up.d/iptables ] then