WTF *Nix

Just another *nix Blog

Samba and IPTables Firewall Script

Apr-22-2009 By WTF *Nix

I figured I'd share the following iptables bash script for anyone who needs to allow Samba access from the local network through their iptables firewall:

#!/bin/bash

SAMBA_SERVER="192.168.0.1"
NETWORK="192.168.0.0/24"
BROADCAST="192.168.0.255"   # broadcast address of $NETWORK

# Loopback traffic
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# NetBIOS name/datagram (UDP 137,138) and SMB (TCP 139,445) from the LAN to the Samba server
iptables -A INPUT -p udp -s "$NETWORK" -d "$SAMBA_SERVER" -m multiport --dports 137,138 -j ACCEPT
iptables -A INPUT -p tcp -s "$NETWORK" -d "$SAMBA_SERVER" -m multiport --dports 139,445 -j ACCEPT
# NetBIOS name-service broadcasts from the LAN
iptables -A INPUT -p udp -s "$NETWORK" -d "$BROADCAST" --dport 137 -j ACCEPT
# Anything else aimed at the Samba ports is dropped
iptables -A INPUT -p udp -d "$SAMBA_SERVER" -m multiport --dports 137,138 -j DROP
iptables -A INPUT -p tcp -d "$SAMBA_SERVER" -m multiport --dports 139,445 -j DROP
# Replies from the Samba server back to the LAN
iptables -A OUTPUT -s "$SAMBA_SERVER" -d "$NETWORK" -m state --state ESTABLISHED,RELATED -j ACCEPT
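
An added example, not part of the original script: one way to derive BROADCAST from NETWORK rather than typing it by hand, and to check that SAMBA_SERVER is a host inside that network before any rule is generated. The function names (ip_to_int, int_to_ip, broadcast_of, samba_rules) are made up for this illustration, and the rules are printed, not applied.

```shell
#!/bin/sh
# Added example: derive BROADCAST from NETWORK and sanity-check SAMBA_SERVER
# before emitting the LAN-facing ACCEPT rules (printed, not applied).

ip_to_int() {   # dotted quad -> 32-bit integer; non-zero status if malformed
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac      # no leading zeros (octal trap)
        [ "$o" -le 255 ] 2>/dev/null || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

broadcast_of() {    # CIDR such as 192.168.0.0/24 -> its broadcast address
    net=${1%/*}; bits=${1#*/}
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    n=$(ip_to_int "$net") || return 1
    host=$(( (1 << (32 - bits)) - 1 ))
    [ $(( n & host )) -eq 0 ] || return 1       # reject host bits in the network
    int_to_ip $(( n | host ))
}

samba_rules() {     # usage: samba_rules NETWORK SAMBA_SERVER
    bcast=$(broadcast_of "$1") || { echo "bad network: $1" >&2; return 1; }
    srv=$(ip_to_int "$2") || { echo "bad server: $2" >&2; return 1; }
    lo=$(ip_to_int "${1%/*}"); hi=$(ip_to_int "$bcast")
    # The server has to be a host address inside NETWORK.
    { [ "$srv" -gt "$lo" ] && [ "$srv" -lt "$hi" ]; } ||
        { echo "$2 is not a host in $1" >&2; return 1; }
    cat <<EOF
iptables -A INPUT -p udp -s $1 -d $2 -m multiport --dports 137,138 -j ACCEPT
iptables -A INPUT -p tcp -s $1 -d $2 -m multiport --dports 139,445 -j ACCEPT
iptables -A INPUT -p udp -s $1 -d $bcast --dport 137 -j ACCEPT
EOF
}

samba_rules 192.168.0.0/24 192.168.0.1   # sample values from the script above
```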


Midlife Samba Crisis on a FreeBSD

Apr-29-2008 By WTF *Nix

The other day, to put this in short, I was called out to do a job on Thursday night @ 4:30PM; turn around and at 3:30AM I was headed home from doing a recovery effort at an offsite location.

Well, neither here nor there, I have created a pretty little script for anyone who finds themselves where their FreeBSD box locks up, fstab is all borked, everything is awry, and you have another server you moved all the files to just in case of hardware failure and can reach via ssh. With this script, you can move back, in one shot, all of the samba/share files and folders on the server you gave temporary access to while you were fixing the failed Samba.

This script will move all the “Changed” files and folders and preserve all permissions and ownership so you don’t have to dig through and chown and chmod NOTHING. So in the few hours that these shared files were being accessed you can safely restore all the files back to Samba-1 server from Samba-2 server.

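#!/bin/sh
# An advanced scp command to copy files and folders that have been modified after a specified time, by WTFNIX.com
# Usage: pass the directory to scan as the first argument (relative path, run from its parent directory)
[ -n "$1" ] || { echo "usage: $0 <directory>" >&2; exit 1; }
mkdir -p REVfiles
touch -t 0804250140 REVmark # Date and time format: year, month, day, hour, minute (YYMMDDhhmm)
# Copy everything newer than REVmark into REVfiles, keeping the directory layout
find "$1" -newer REVmark | cpio -pdu REVfiles
cd REVfiles || exit 1
tar -cf "$1.tar" "$1"
gzip "$1.tar"
# IPADDRESS is a placeholder for the server being restored
scp "$1.tar.gz" root@IPADDRESS:/samba
cd ..
rm -rf REVfiles
rm -f REVmark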

I sure as hell hope this helps someone out if they need it. Just copy the code and create a .sh script on your server using vi or whatever editor you use.


What in the world is this Samba

Apr-22-2008 By WTF *Nix

A lot of people have asked what Samba is, so I’m a break it down for you slowly and pretty much on target for the “general” audience. Samba is pretty much a suite of nice tools/utilities that allows your *nix box to share files, printers, and other resources with your Windoz boxes. Yes, this is pretty much like your Active Directory for Windows, but a more stable and SECURE way of doing what you consider a PDC (Primary Domain Controller) / a server within the Windoz Workgroup. Once you configure Samba appropriately, pretty much whoever is on your network gets some of the following cool features:

1.       Their own logins on the Windoz network you set this up for, with their own files on the *nix box appearing to be located on a new Windoz drive.

2.       Shared access permissions to printers and other resources on the *nix box; this is up to the administrator and what he/she wants.

3.       Shared files can be accessible to only the members of their *nix user group. (This goes within the role of the Samba Admin.)

Some have no clue what a PDC is vs. a Windows Workgroup, so I’m a break it out for you here:

PDC – pretty much stores the login info in a central db on its hard drive, which allows each user to have a pretty flexible username and password that can be used all throughout the network when logging in.

Windoz Workgroup – each Windoz PC stores its usernames and passwords locally, so they are pretty much unique for each PC (user).

Simple enough huh? Well that’s your passing crash course on Windoz methodology!

Samba pretty much mimics a Windoz PDC in almost every way needed to share files simply; however, Linux functionality doesn’t disappear when you do this, so keep that in mind. Samba domains and Linux share the same usernames, so users can pretty much log into the Samba-based Windoz domain using their Linux password and immediately gain access to whatever is assigned to them under their user. That is pretty much whatever sits under the /home/username/ folder for files, and the network admin should know to NEVER give root access to anyone. =) However, keep in mind the admin should think about added security, if needed, by making the passwords for the Linux user and the Samba user different. This will help out in more ways than you can imagine where security should be a big concern, because anyone in the outside world is always treated as an enemy. Sucks to think about it that way, but you can NOT trust anyone other than your co-workers (well…. Nvm.)

So I hope this helps some of you understand what Samba really is. Like me at home: I have a Samba domain up, and it works wonders for version control, and I use it to store Visual Source Safe on as well, for extra security and simplicity rather than dealing with NTFS.
