Disable Root Access to SMB Shares
An XCCDF Rule
Description
Administrators should not use administrator accounts to access Samba file and printer shares. Disable the root user and the wheel administrator group:
    [share]
    invalid users = root @wheel
If administrator accounts cannot be disabled, ensure that local system passwords and Samba service passwords do not match.
Rationale
Typically, administrator access is required when Samba must create user and
system accounts and shares. Domain member servers and standalone servers may
not need administrator access at all. If that is the case, add the invalid
users parameter to [global] instead.
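One way to check a configuration against this rule, as an added example that is not part of the rule's own content: the script parses smb.conf text and reports each share whose effective invalid users value lacks root or @wheel. The function names and the sample file are constructed for illustration, and only the literal root and @wheel forms shown above are recognised.

```python
import re

REQUIRED = {"root", "@wheel"}  # the accounts named in the rule
# Constructed sample smb.conf, not taken from a real system.
SAMPLE = """\
[global]
   workgroup = EXAMPLE
   Invalid Users = root @wheel
[public]
   path = /srv/public
   ; no value here, so the [global] one applies
[projects]
   path = /srv/projects
   invalid users = guest
"""

def parse(text):
    """Return {section: {param: value}} from smb.conf text."""
    sections, current = {}, None
    for line in text.replace("\\\n", " ").splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # Samba ignores case and whitespace in parameter names.
            current[re.sub(r"\s+", "", key).lower()] = value.strip()
    return sections

def shares_allowing_admins(text):
    """Map each share to the required entries missing from its effective value."""
    sections = parse(text)
    default = sections.get("global", {}).get("invalidusers", "")
    findings = {}
    for name, params in sections.items():
        if name == "global":
            continue
        # A share-level value replaces the [global] one; it is not merged.
        entries = set(re.split(r"[,\s]+", params.get("invalidusers", default)))
        missing = REQUIRED - entries
        if missing:
            findings[name] = sorted(missing)
    return findings

if __name__ == "__main__":
    for share, missing in shares_allowing_admins(SAMPLE).items():
        print(f"[{share}] does not deny: {' '.join(missing)}")
```

In the sample, [projects] is reported because its own invalid users line replaces the [global] value, which is why a [global] setting alone does not cover shares that define the parameter themselves.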
- ID
- xccdf_org.ssgproject.content_rule_smb_server_disable_root
- Severity
- Unknown
- References
- Updated