cancel
Showing results for 
Search instead for 
Did you mean: 

CIFS Accounts on Printers

Harris Estep
Frequent Advisor

CIFS Accounts on Printers

I have been informed that I need to remove or disable unncessary CIFS accounts to remove a possible security vulnerability. Using the web interface and JetAdmin, I can see no reference to CIFS. Can you tell me where the CIFS accounts would be configured, added, deleted, disabled?
4 REPLIES
Robert Salter
Respected Contributor

Re: CIFS Accounts on Printers

You mean CIFS as in CIFS/9000?

Try doing "cifslist" to see what is mounted and by who.

Do a man on cifslogin or cifslogout to see how to logout of the CIFS mount and then just do a umount of the file system.

To disable any future mounts, comment out the entry in /etc/fstab.

Beers,

robert
Time to smoke and joke
Bill Hassell
Honored Contributor

Re: CIFS Accounts on Printers

CIFS is another name for SAMBA which is software that can link to Windows-based shares. The information you have is inadequate since CIFS can be a client or a server or both, so the term "account" is not meaningful, especially for a printer.

If you are directed to shutdown CIFS/SAMBA, then you can do so with the start/stop scripts and changing the /etc/rc.config.d configuration files. I would ask for clarification.


Bill Hassell, sysadmin
Viktor Balogh
Honored Contributor

Re: CIFS Accounts on Printers

Hi Harris,

cifslist can be used on the client side for listing the CIFS shares mounted. However, I think your HP-UX server is rather used as a CIFS server, at least that's a more common way.

Take a look here, that's a list of CIFS (~samba) config files:

http://viktorbalogh.net/blog/hp-ux/hp-ux_sysadm/samba-locations

The users are authenticated against the smbpasswd file. The unwanted users should be eliminated from this file.

/var/opt/samba/private/smbpasswd

****
Unix operates with beer.
Rita C Workman
Honored Contributor

Re: CIFS Accounts on Printers

Harris,

CIFS or SAMBA shares. On HPUX you want to look into the /etc/opt/samba/smb.conf file on the server and check the entries for the shares.

Now here's a caveat. Don't know what you're dealing with, but I have gotten this when mgmt brings in the latest security consultants and they 'ding' me on these shares. So, my advise, since you obviously inherited these shares -

! ! Check out what each share is doing BEFORE you remove it. Otherwise you may find you remove something that someone or some appl is using and it will be you they scream at when it stops and messes up production ! !

CIFS/SAMBA shares can create a security hole, but if you configure each share locked down properly ou can keep it reasonably secure.
And for those pesky consultants, I'm amazed at how they find these nothing (like I didn't know) shares, and miss the really big holes in security around here.
.....that we guard....

Kindest regards,
Rita