5.2 Protecting your Samba network shares linux/x86 only)

Please note that the Preloadable Library Call Wrapper (fprot.so) is only available in F-PROT Antivirus for Linux on x86

Samba allows you to make your server act as a file server for Windows workstations connected on a network. Since such file servers generally contain shared network resources, protecting the server is essential to the system's security. To actively protect Windows workstation from, for instance contracting viruses that might be stored inside files residing on a UNIX samba (SMB/CIFS) server, on-access scanning is required. On-access scanning is provided by F-PROT Antivirus for UNIX using the Preloadable Library Call Wrapper (f-prot.so) and the F-PROT Antivirus Daemon scanner (f-protd).

This is how you do it

By inserting the path to the Preloadable Library Call Wrapper (f-prot.so) in /etc/ld.so.preload (as described in the man page for f-prot.so), every file opened by any and all applications that use dynamic linking will be scanned before the application gets to read its contents. Please note that this will not work with statically linked executables. Be sure to read the WARNINGS section in the man page for f-prot.so before using /etc/ld.so.preload.

If you feel that scanning every file opened by any and all applications that use dynamic linking is overkill, you can limit on-access scanning to "samba-shared files only", by skipping /etc/ld.so.preload and exporting the LD_PRELOAD environment variable to the smbd process explicitly.

Exactly how this is done depends on your distribution and how you start the samba server. In general, you will need to edit your samba startup script, usually called /etc/init.d/smb or /etc/init.d/samba and add the string:

LD_PRELOAD=/usr/local/f-prot/tools/f-prot.so

to the beginning of the line where smbd is started.

RedHat example:

In the file

/etc/init.d/smb

change the line:

daemon smbd $SMBDOPTIONS

to:

LD_PRELOAD="/usr/local/f-prot/tools/f-prot.so" daemon smbd $SMBDOPTIONS

SuSE example (from SuSE 8.2):

In the file

/etc/init.d/smb

change the line:

startproc -p ${PID_FILE} ${DAEMON_DIR}${BIN_SUFFIX}/${SMBD_BIN} -D -s ${SMB_CONF}

to:

LD_PRELOAD=/usr/local/f-prot/tools/f-prot.so startproc -p ${PID_FILE} ${DAEMON_DIR}${BIN_SUFFIX}/${SMBD_BIN} -D -s ${SMB_CONF}

Please note: You might further want to limit the scope of file scanning by setting scanning rules in /etc/f-prot.conf. We recommend that you create that file if it does not exist, even if you do not intend to use is as f-prot.so expects it to be there, no matter if it is empty. See the man page for f-prot.so for detailed information regarding /etc/f-prot.conf, f-prot.so in general and its configuration options.

For SELinux users, see man page for f-prot.so for detailed description regarding the documentation and configuration in general.

< Previous | Back to Index | Next >