cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
pnung
Paper Tape
Posts: 2
Registered: ‎07-17-2018
Location: DE
Views: 676
Message 1 of 3

Disable smb v1 on Lenovo XClarity Administrator

Hallo.

 

Lenovo XClarity Administrator Version 2.0.0 has Samba Port 445 open with  smb v1 protocol.

Someone know how to disable smb v1 on Lenovo XClarity Administrator 2.0.0

 

Here a nmap Scan for port 445 on XClarity VM Appliance

 

C:\Users\u011143\Downloads\nmap>nmap -sV --script smb-protocols -p 445 10.10.1.199

Starting Nmap 7.60 ( https://nmap.org ) at 2018-07-16 14:41 Mitteleuropõische Sommerzeit
Nmap scan report for pu-xclarity.der.de (10.10.1.199)
Host is up (0.00088s latency).

PORT    STATE SERVICE     VERSION
445/tcp open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)

Host script results:
| smb-protocols:
|   dialects:
|_    NT LM 0.12 (SMBv1) [dangerous, but default]

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 7.77 seconds

C:\Users\u011143\Downloads\nmap>

We need this for PCI Audit.

 

Kind regards,

pnung

 

Lenovo Employee Inca_Roads
Lenovo Employee
Posts: 175
Registered: ‎04-16-2015
Location: US
Views: 659
Message 2 of 3

Re: Disable smb v1 on Lenovo XClarity Administrator

LXCA uses SAMBA for the Operating System Deploy function.  If you wish to deploy OS to servers, this is required.  The SAMBA share is READ ONLY, but many security scanners still consider this a vulnerability, simply because the SAMBA port is open. 

 

If you want to disable SAMBA, you must disable OS deploy.  You can find instructions for doing that here:
http://sysmgt.lenovofiles.com/help/index.jsp?topic=%2Fcom.lenovo.lxca.doc%2Fnetwork_configaccess.htm...

You must configure the network interface so that it does NOT include "deploy operating system images":

Modify the network interface to be used for operating-system deployment if you intend to deploy operating-systems from Lenovo XClarity Administrator.

  • If only one interface is defined for Lenovo XClarity Administrator (Eth0), choose whether that interface is to be used to discover and manage hardware only, or whether it is also to be used to deploy operating-system images.

  • If two interfaces are defined for Lenovo XClarity Administrator (Eth0 and Eth1), determine which interface is to be used to deploy operating-system images. If you choose "None", you cannot deploy operating-system images to managed servers from Lenovo XClarity Administrator.

 

Inca Roads

pnung
Paper Tape
Posts: 2
Registered: ‎07-17-2018
Location: DE
Views: 638
Message 3 of 3

Re: Disable smb v1 on Lenovo XClarity Administrator

Thank you for fast feedback.

Your solution work super.

 

C:\Users\u011143\Downloads\nmap>nmap -sV --script smb-protocols -p 445 10.10.1.199

Starting Nmap 7.60 ( https://nmap.org ) at 2018-07-17 16:48 Mitteleuropõische SommerzeitNmap scan report for pu-xclarity.der.de (10.10.1.199)
Host is up (0.0010s latency).

PORT    STATE  SERVICE      VERSION
445/tcp closed microsoft-ds

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .Nmap done: 1 IP address (1 host up) scanned in 1.68 seconds

C:\Users\u011143\Downloads\nmap>

Port is complete closed. That is exactly what we need.

 

Thank you!

 

Check out current deals!


Shop current deals