# Samba config file created for SMB-Lure
# Global parameters

[global]

# TRICK 0: Setup our own workgroup, so named to be the first item in the Windows Network Neighborhood
workgroup = 000-SECURITY

# TRICK 1: Name our server, so that it appears as the first machine in its workgroup
netbios name = 000-worm-sensor

# TRICK 2: Create a few aliases for our sensor, so that it appears multiple times, interspersed in the workgroup
netbios aliases = C00-worm-sensor E00-worm-sensor J00-worm-sensor M00-worm-sensor 

# warn curious individuals to stay away from our sensor
server string = Virus detector. Please! Do not touch (972-883-6866)
# Lets be very promiscuous, we will share our fileshare contents with all worms

security = SHARE

# TRICK 3: Turn on Debug mode.  This will provide useful information about what types of files the worm is accessing
# or is looking for on our server.

debug level = 3

# Each visiting computer will have its own dedicated log file, makes reading much easier.

log file = /usr/local/samba/logs/%m.log

# No limit on log size

max log size = 0

# Pretend to be a Windows NT 4 computer

announce version = 4.0

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

dns proxy = No

wins server = 129.110.27.65

name resolve order = wins

# We will be domain master, for 000-SECURITY

domain master = True

preferred master = True

#  The IP address of our WINS server, provides name resolution

wins server = 129.110.70.36

browseable = Yes

# TRICK-4: remotely announce our existance around the corporate network 
# and force ourselves into several regionally and alphabetically diverse
# workgroups/domains.  The IP addresses are the broadcast addresses for 
# subnets that contain NT/Win2K servers.
# Note the number of computers we are pretending to be is the number of 
# remote-announce domains multiplied by the number of aliases (See TRICK-2)

remote announce = 129.110.161.255/000-SECURITY  129.110.161.255/AV


# Here is where we define our fileshare ( called Wormbait)

[Wormbait] 

# Scare away all the human worms, if they didn't get the picture from the server description above
comment = Network Worm Bait, Please don't touch! 

# Directory containing lots of juicy infectable files, stored in multiple directories.
path = /home/wormbait 

#  Worms are our guests and allowed to do their worst.
writeable = Yes 

guest ok = Yes