I recently realized that my Samba server was exposed to the WAN for about 3 years (ports opened and smbd was listening). I made a mistake when I configured my firewall and failed to check it.
This was the content of my smb.conf:
workgroup = WORKGROUP
dns proxy = no
interfaces = eth2 eth4
bind interfaces only = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
server role = standalone server
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
[homes]
comment = homes
browseable = no
valid users = %S
create mode = 0600
directory mode = 0700
writeable = yes
[smb]
path = /home/smb
comment = share
guest ok = no
force create mode = 0775
force directory mode = 0775
writeable = yes
browseable = yes
valid users = @smb
force group = smb
[www]
path = /www
comment = nginx
valid users = admin
browseable = no
guest ok = no
writeable = yes
force create mode = 0774
force directory mode = 0774
force group = www-data
I've briefly reviewed the list of Samba vulnerabilities in recent years and wow ... many possibilities.
The server was updated regularly every 2 weeks.
Should I "nuke my server" and reinstall everything?
There have been no signs of compromise to this day, but I would like to stay safe.
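The posted configuration has a detail worth checking mechanically: with `bind interfaces only = no` (the default), smbd binds to all addresses and the `interfaces` list does not restrict listening, and there is no `hosts allow` to limit which clients may negotiate a session. The following is an added example, not code from the original post, that parses a constructed smb.conf fragment mirroring the posted global section and reports those exposure-related settings; the `audit_exposure` and `parse_smb_conf` names are my own.

```python
"""Flag smb.conf global settings that let smbd serve clients beyond the intended LAN.

Samba ignores case and whitespace in parameter names, so keys are normalised
before lookup, and parameters that appear before any [section] header are
treated as [global], as Samba does.
"""
import re
from typing import Dict, List

# Constructed sample mirroring the global part of the posted config (no [global] header).
SAMPLE_SMB_CONF = """
workgroup = WORKGROUP
interfaces = eth2 eth4
bind interfaces only = no
map to guest = bad user
[homes]
valid users = %S
"""

def parse_smb_conf(text: str) -> Dict[str, Dict[str, str]]:
    """Return {section: {normalised_key: value}}; comments (# or ;) are skipped."""
    sections: Dict[str, Dict[str, str]] = {"global": {}}
    current = "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        header = re.match(r"\[(.+)\]$", line)
        if header:
            current = header.group(1).strip().lower()
            sections.setdefault(current, {})
            continue
        if "=" in line:
            key, _, value = line.partition("=")
            sections[current][re.sub(r"\s+", "", key).lower()] = value.strip()
    return sections

def audit_exposure(text: str) -> List[str]:
    """Return human-readable findings for the [global] section of an smb.conf."""
    g = parse_smb_conf(text)["global"]
    findings: List[str] = []
    bind_only = g.get("bindinterfacesonly", "no").lower() in ("yes", "true", "1")
    if g.get("interfaces") and not bind_only:
        findings.append("interfaces is set but bind interfaces only = no: smbd listens on all addresses")
    if "hostsallow" not in g:
        findings.append("no hosts allow: any client that reaches the port may negotiate a session")
    if g.get("maptoguest", "never").lower() == "bad user":
        findings.append("map to guest = bad user: unknown usernames are mapped to the guest account")
    return findings
```

Run it against the real /etc/samba/smb.conf to confirm the firewall fix is backed by the daemon's own listening configuration.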