You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/storage/files/files-remove-smb1-linux.md
+12-8Lines changed: 12 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,6 +1,6 @@
1
1
---
2
-
title: Secure your Azure and on-premises environments by removing SMB 1 on Linux
3
-
description: Azure Files supports SMB 3.x and SMB 2.1, but not insecure legacy versions of SMB such as SMB 1. Before connecting to an Azure file share, you might wish to disable older versions of SMB such as SMB 1.
2
+
title: Improve security by disabling SMB 1 on Linux clients
3
+
description: Azure Files supports SMB 3.x and SMB 2.1, but not insecure legacy versions such as SMB 1. This article explains how to disable SMB 1 on Linux clients.
4
4
author: khdownie
5
5
ms.service: azure-file-storage
6
6
ms.custom: linux-related-content
@@ -9,15 +9,17 @@ ms.date: 02/23/2023
9
9
ms.author: kendownie
10
10
---
11
11
12
-
# Remove SMB 1 on Linux
12
+
# Disable SMB 1 on Linux clients
13
13
14
-
> [!CAUTION]
15
-
> This article references CentOS, a Linux distribution that is nearing End Of Life (EOL) status. Please consider your use and plan accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md).
16
-
Many organizations and internet service providers (ISPs) block the port that SMB uses to communicate, port 445. This practice originates from security guidance about legacy and deprecated versions of the SMB protocol. Although SMB 3.x is an internet-safe protocol, older versions of SMB, especially SMB 1, aren't. SMB 1, also known as CIFS (Common Internet File System), is included with many Linux distributions.
14
+
Many organizations and internet service providers (ISPs) block the port that SMB uses to communicate, port 445. This practice originates from security guidance about legacy and deprecated versions of the SMB protocol. Although SMB 3.x is an internet-safe protocol, older versions of SMB, especially SMB 1, aren't. SMB 1, also known as CIFS (Common Internet File System), is included with many Linux distributions.
15
+
16
+
SMB 1 is an outdated, inefficient, and insecure protocol. The good news is that Azure Files doesn't support SMB 1. Also, starting with Linux kernel version 4.18, Linux makes it possible to disable SMB 1. We [strongly recommend](https://aka.ms/stopusingsmb1) disabling the SMB 1 on your Linux clients before using SMB file shares in production.
17
17
18
-
SMB 1 is an outdated, inefficient, and insecure protocol. The good news is that Azure Files doesn't support SMB 1. Also, starting with Linux kernel version 4.18, Linux makes it possible to disable SMB 1. We always [strongly recommend](https://aka.ms/stopusingsmb1) disabling the SMB 1 on your Linux clients before using SMB file shares in production.
18
+
> [!CAUTION]
19
+
> This article references CentOS, a Linux distribution that will no longer be supported after June 2024. Please consider your use and plan accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md).
19
20
20
21
## Linux distribution status
22
+
21
23
Starting with Linux kernel 4.18, the SMB kernel module, called `cifs` for legacy reasons, exposes a new module parameter (often referred to as *parm* by various external documentation) called `disable_legacy_dialects`. Although introduced in Linux kernel 4.18, some vendors have backported this change to older kernels that they support. The following table details the availability of this module parameter on common Linux distributions.
22
24
23
25
| Distribution | Can disable SMB 1 |
@@ -28,7 +30,7 @@ Starting with Linux kernel 4.18, the SMB kernel module, called `cifs` for legacy
28
30
| Debian 8-9 | No |
29
31
| Debian 10+ | Yes |
30
32
| Fedora 29+ | Yes |
31
-
| CentOS 7 | No |
33
+
| CentOS 7 | No |
32
34
| CentOS 8+ | Yes |
33
35
| Red Hat Enterprise Linux 6.x-7.x | No |
34
36
| Red Hat Enterprise Linux 8+ | Yes |
@@ -52,6 +54,7 @@ disable_legacy_dialects: To improve security it may be helpful to restrict the a
52
54
```
53
55
54
56
## Remove SMB 1
57
+
55
58
Before disabling SMB 1, confirm that the SMB module isn't currently loaded on your system (which happens automatically if you've mounted an SMB share). Run the following command, which should output nothing if SMB isn't loaded:
0 commit comments