Samba

Published by: Nurul Istiqomah on Dec 14, 2010
Copyright: Attribution Non-commercial

If you’re installing a new or updated Red Hat Package Manager (rpm) of Samba, you
need to check the package before installing it. The two levels of checking include the
checksum and the author. The checksum is simple:

rpm --checksig
[root@server RPMS]# rpm --checksig samba-2.0.5a-12.i386.rpm
samba-2.0.5a-12.i386.rpm: md5 GPG NOT OK
[root@server RPMS]#

Does GPG NOT OK mean this file has a problem? Well, not exactly. rpm supports MD-5
signatures, Pretty Good Privacy (pgp, available at www.cryptography.org/getpgp.htm),
and now GNU Privacy Guard (gpg, available at www.gnupg.org/download.html). Not all
rpm versions have been signed with gpg at this time. If you do not have gpg installed
with the right public keys, you’ll need to skip that part (although this, in itself, is a
potential security hole).

It’s worth the effort to install or obtain gpg and start collecting the public keys of the
developers or vendors you’ll be dealing with; it’s a simple procedure.

Part II: Creating a Turnkey Samba System

To do this for Red Hat, download the public keys from Red Hat’s site and add them
to your public key “key ring.” The public key used to sign rpm files is available at
www.redhat.com/about/redhat2.asc. Save this file to disk; then invoke gpg to import
it to your public key ring:

gpg --import redhat2.asc

You can then verify it again, like so:

[root@server root]$ rpm -K /mnt/cdrom/RedHat/RPMS/samba*.rpm
/mnt/cdrom/RedHat/RPMS/samba-2.0.5a-12.i386.rpm: md5 gpg OK
/mnt/cdrom/RedHat/RPMS/samba-client-2.0.5a-12.i386.rpm: md5 gpg OK
/mnt/cdrom/RedHat/RPMS/samba-common-2.0.5a-12.i386.rpm: md5 gpg OK
[root@server root]$

Note that you don’t have to perform the signature verification as root. You can just as
easily add the public keys to a lower-level user account’s key ring. You can also verify an
rpm without checking the key:

[root@server RPMS]# rpm --checksig --nogpg samba-2.0.5a-12.i386.rpm
samba-2.0.5a-12.i386.rpm: md5 OK
[root@server RPMS]#

This way, the error message is skipped. Note that --checksig is actually the -K option.
You can get slightly more verbose output by using v with it, too:

[root@server RPMS]# rpm -Kv --nogpg samba-2.0.5a-12.i386.rpm
samba-2.0.5a-12.i386.rpm:
MD5 sum OK: 28232b0e2bca295e9f51285de1a4269b
[root@server RPMS]#

You can get even more complete verification information by using the display debug
(-vv) option:

[root@server RPMS]# rpm -Kvv samba-2.0.5a-12.i386.rpm
D: New Header signature
D: Signature size: 149
D: Signature pad : 3
D: sigsize : 152
D: Header + Archive: 1740143
D: expected size : 1740143
samba-2.0.5a-12.i386.rpm:
MD5 sum OK: 28232b0e2bca295e9f51285de1a4269b
gpg: Signature made Mon 27 Sep 1999 04:38:55 PM UTC using DSA key ID DB42A60E
gpg: Can’t check signature: public key not found
[root@server RPMS]#

This also details gpg failure when a public key cannot be found. For source code files,
there are no signatures to check.
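
The three result forms shown above (md5 gpg OK, md5 OK with --nogpg, and md5 GPG NOT OK) mean different things for an install decision: only the first confirms who signed the package, while a bare MD5 match shows only that the file is intact. The following script is an added example, not part of the original text; the function names classify_checksig and all_signed are hypothetical, and it assumes the one-line-per-package output format printed in the transcripts on this page.

```shell
#!/bin/sh
# Added example. Assumes the one-line-per-package `rpm -K` output format
# shown on this page; -Kv/-Kvv output and newer rpm releases differ.

# Classify one output line by what was actually verified.
classify_checksig() {
    result=${1##*: }                      # text after the last ": "
    case "$result" in
        *"NOT OK"*)      echo FAILED ;;       # at least one check failed
        *gpg*OK|*pgp*OK) echo SIGNED ;;       # digest and signature both passed
        *md5*OK)         echo DIGEST_ONLY ;;  # integrity only (e.g. --nogpg)
        *)               echo UNKNOWN ;;      # unrecognized line: do not trust
    esac
}

# Read `rpm -K` output on stdin; return 0 only if every package is SIGNED.
all_signed() {
    rc=0; seen=0
    while IFS= read -r l; do
        [ -n "$l" ] || continue
        seen=1
        status=$(classify_checksig "$l")
        printf '%-12s %s\n' "$status" "${l%%:*}" >&2
        [ "$status" = SIGNED ] || rc=1
    done
    [ "$seen" -eq 1 ] || rc=1             # empty input is not a pass
    return "$rc"
}

# Sample lines taken from the transcripts on this page.
SAMPLE_OK='/mnt/cdrom/RedHat/RPMS/samba-2.0.5a-12.i386.rpm: md5 gpg OK
/mnt/cdrom/RedHat/RPMS/samba-client-2.0.5a-12.i386.rpm: md5 gpg OK'
SAMPLE_NOGPG='samba-2.0.5a-12.i386.rpm: md5 OK'
SAMPLE_BAD='samba-2.0.5a-12.i386.rpm: md5 GPG NOT OK'

for sample in "$SAMPLE_OK" "$SAMPLE_NOGPG" "$SAMPLE_BAD"; do
    if printf '%s\n' "$sample" | all_signed; then
        echo "=> install allowed"
    else
        echo "=> install refused"
    fi
done
```

In practice the input would be the output of rpm -K run over the package files, without --nogpg, after the vendor's public key has been imported.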

Chapter 15: Samba Security
