Hi startsels12,
Quote Originally Posted by startsles12 View Post
If I might dare to pickup again on this topic, I managed to hide sharenames by setting "browsable = no", but there seems to be a insecure setting I'd like to prevent:

CIFSRPC nullsession exploitable, can list shares, can read registry, can enumerate users

Any way to block null session detected by Nessus?

I assume a "map to guest = Never" in the global section would do the trick...
as this is a new issue, it probably'd be better to start a new thread for this - especially as it addresses a security concern.

Are you using the latest updates to Samba? There have been important recent updates in that area. I'm not those cover the issue caught by Nessus, but installing these updates is more than worth it.

Regards,
Jens