Topic: How to anonymize the console login and samba share

[linuxhelp]

Hi all

how can i suppress the (SME SERVER) Banner inside TTY or
on Samba shares the user should not know that there is no
real M$ Server

changes on /etc/issue don't work

which smb.conf must i change?

thanks
sorry iam a old debian user...

[mmccarn]

Looks like config setprop smb ServerString New\ Server\ Name

(See http://wiki.contribs.org/DB_Variables_Configuration#Samba_.28smbd.29)

[thomasch]

Hi all

how can i suppress the (SME SERVER) Banner inside TTY or
on Samba shares the user should not know that there is no
real M$ Server

changes on /etc/issue don't work

which smb.conf must i change?

thanks
sorry iam a old debian user...

1. To change console login text you need to change your server name.
the easiest way is to login as admin in console and change your server name from there.

2. To change the server string (shown in My Network Places/Network Neighborhood) :
Read DB Variables Configuration HowTo
http://wiki.contribs.org/DB_Variables_Configuration#Samba_.28smbd.29

Code: [Select]

config setprop smb ServerString PutYourServerStringHere
signal-event post-upgrade
signal-event reboot
PS : The howto is incorrect.
The HowTo http://wiki.contribs.org/DB_Variables_Configuration#Samba_.28smbd.29says to do a signal-event conf-logondrive after config

The command is incorrect/outdated

The result of the command is : Can't open directory /etc/e-smith/events/conf-logondrive.

Anybody care to edit the wiki to correct it?
I don't have access to wiki as my access is not granted by docteam /yet

[linuxhelp]

Many thanks to you all,

short question the strategy is not easy to learn without a "inside" manual

is there a good howto for customizing sme?

Adv. of. SME

easy setup
easy raid
easy webmailserver
very secure server after setup
Dis.
new strategy of administration, some tricky..
much english howtos but no good german howtos

is there a howto to run two sme server as failover-cluster?

sme.. i like it

[raem]

linuxhelp

Is this enough reading material for you ?

http://wiki.contribs.org/Main_Page
http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual
http://wiki.contribs.org/SME_Server:Documentation:User_Manual
http://wiki.contribs.org/SME_Server:Documentation:Developers_Manual
http://wiki.contribs.org/SME_Server:Documentation:FAQ
http://wiki.contribs.org/SME_Server:Documentation
http://wiki.contribs.org/index.php?title=SME_Server:Documentation:Technical_Manual:Booklet
http://wiki.contribs.org/Category:Contrib
http://wiki.contribs.org/Category:Howto
http://bugs.contribs.org/
http://forums.contribs.org/
http://distro.ibiblio.org/pub/linux/distributions/smeserver/contribs/
http://distro.ibiblio.org/pub/linux/distributions/smeserver/releases/7/
http://smolt.contribs.org/

[raem]

linuxhelp

See the german forum
http://forums.contribs.org/index.php?board=7.0

is there a howto to run two sme server as failover-cluster?

No, but there was an older version for sme5.1. There has been some recent queries re this, search the forums on heartbeat.
The closest "similar" add on is Affa, with which you would manually "rise" the backup server to become the "live" server in the event of a failure of the main server.
http://wiki.contribs.org/Affa

[linuxhelp]

Hello

thanks i got i customized,

it is possible too, to change the Login Page title of server-manager? I successful changed horde login title
for hide on google , i case of someone search a ip range with "SME SERVER Login..." my systems are listet
very well, this is very unsecure...

If someone knows which kind of system there is online, he has the easier way to find tools against it.
The best is always "DISPLAY NO SYSTEM INFORMATION on Login Pages" !!

Thx Tom
linuxhelp-debian

Solution:

for /server-manager/ edit  /etc/e-smith/web/common/cgi-bin/login file and change to unknows value like mybox

(cause google will never list server-manager page for hacking as google search #intite="SME Server manager" )

for Horde anonym edit /etc/e-smith/templates/home/httpd/html/horde/config/registry.php/110AppRegistryHorde file

after changes make signal-event post-upgrade
and signal-event reboot

voila...You have you own hided Pages title.. much secure..

[raem]

linuxhelp

If someone knows which kind of system there is online, he has the easier way to find tools against it.

Keep in mind that sme server by default is secure, it's bad administration & inappropriate configuration that can make it less secure.

If a add on web application is buggy, then it can still be hacked whether the login page has an ID or not.
Hackers can easily scan online servers for other criteria to identify a target.

The better way to ensure security is to NOT use poorly supported web applications & to keep any web applications up to date with latest (bug fix) releases.
Some critics would even say not to use php apps at all, as it is too easy to create badly written & insecure web app using php.

Any bugs found in a well supported application will be quickly fixed, so as long as you regularly keep all your web apps up to date, then whether your server "shows" ID pages or not, it will remain secure.


Server manager is NOT accessible from external hosts by default.
You can only access server manager externally if a remote host IP is specified in the Remote Access panel, and as such, access is limited to that host, and it uses a secure (https) connection.
Access is therefore not possible by random hacking attempts.

If you are aware of any security issues (or potential ones) you should report them immediately as the developers and security team will want to know about it.

[linuxhelp]

Hello

this  point is often dicussed with my new consumers of my help =
---------------------------------------------------------------------------
Some critics would even say not to use php apps at all, as it is too easy to create badly written & insecure web app using php.
---------------------------------------------------------------------------
I often prefer static sites for sale but often the design comes on borders, and in these cases we often setup php-packages cause the consumer want a live publish system which needs no computing knowledge.

To the point of access one IP for server-manager, it's not often possible cause private consumers works with dynamic IPs
and the server-manager doesn't allow to switch free a supporter-domain. Its poor but i have to open the whole range to
support the pc over internet. The stupid consumer don't want to setup anything.

regards Tom

[raem]

linuxhelp

...cause private consumers works with dynamic IPs
and the server-manager doesn't allow to switch free a supporter-domain. Its poor but i have to open the whole range to support the pc over internet. The stupid consumer don't want to setup anything.

That's a very poor decision, it's exactly the situation I mentioned previously
ie
"Keep in mind that sme server by default is secure, it's bad administration & inappropriate configuration that can make it less secure."

It's more a case of a stupid administrator than a stupid consumer, you are very unwise to do that, as you are ONLY protected by the strength of the admin password, and as you are using user-manager, then you may have "weaker" user passwords, or over time the local admin users may change their passwords to something weaker, as they are in control.

You can always use VPN, and connect to server manager that way or create a ssh tunnel, both of which are very secure.

I recall that with the user-manager contrib, you can specify seperate remote host IP ranges (than those for server manager) using db commands, but again that requires remote users to have static IP's.

I don't know why you are worried about security. I think that your security policy is a joke, when you open up the server manager like that to be accessible by anyone on the internet.