This is really scary stuff

Source: The Short Life of a Vulnerable DVR Connected to the Internet – SANS Internet Storm Center

I’ve set up DVRs and the UX/UI on most of them is appalling, along with the entire setup and configuration process. Then to find out the moment you connect them to your network they just become another attack vector, one that cannot be easily closed off.

These are pretty pricey devices that I believe can be replaced with a Raspberry Pi to obtain more flexibility and better recording quality. It’s just the software that’s needed.

The no-bullshit Samba plus Nautilus network shares method.

Here is how to setup Samba and GNOME Nautilus to allow user directory sharing without having to allow root access. These commands are made with Debian in mind, so if you want to use them for your Linux distribution, you’ll have to adapt them.

  1. Install samba and nautilus-share.
  2. # aptitude install samba nautilus-share

  3. Rename your smb.conf to smb.conf.master
  4. # cd /etc/samba
    # mv smb.conf smb.conf.master

  5. Add the following to smb.conf.master somewhere under the [global] stanza using your favorite text editor.
  6. security = SHARE
    usershare allow guests = Yes
    usershare owner only = No

  7. Run the following command:
  8. # testparm -s smb.conf.master > smb.conf

    This tests the samba master configuration file, then outputs the results to the file samba itself will use for its configuration. If it finds errors, it will warn you about them.

    According to the Samba docs, a small smb.conf file improves performance. It also improves readability once you’re familiar with Samba options.

  9. Restart samba.
  10. # /etc/init.d/samba restart

  11. Add your user to the sambashare group. If more people use the system and they need to share files, make sure to add them as well.
  12. # useradd -G sambashare foo

  13. Log out of your user session, then log back in.
  14. On Nautilus, when you right-click directories you will now see a “Sharing options” item. Through this item you can:
    • Share the folder, assigning a share name.
    • Allow read/write access.
    • Enable Guest access, which allows people without a user account on the system to access the share.

This last option is the most useful as people can now get stuff through the network without having to deal with usernames or passwords. Does this make the Linux system behave like a Windows system? Yes, it does.

There is something to be said, however, about the convenience of creating shares without having to muck around the smb.conf.master file whenever you want to make a change.