[Linux] How to Expose an SMB Share as an NFS Storage Unit

Prerequisites

  1. A machine where MetaDefender Storage Security is installed (let's call it MDSS machine)
  2. An SMB share from a Linux or Windows machine

Step-by-Step Guide

Follow these steps to configure the SMB share as an NFS storage unit in MDSS:

Step 1: Install cifs-utils

On the MDSS machine, you will need the cifs-utils package to enable mounting of SMB shares.

Install it using your distribution's package manager.

Step 2: Create new mounting directory

Create a dedicated directory on the MDSS machine where the SMB share will be mounted.

The new directory must be at the following path /mnt/mdss/nfs/{my-new-folder} where {my-new-folder} is a name you choose for your share.

Step 3: Perform the mount

This step involves preparing credentials and then executing the mount command.

3.1 Create a credentials file containing the SMB server credentials

Create a file, for instance at /etc/smb-credentials, to store the SMB server login details. The file should contain:

/etc/smb-credentials
Copy

Replace {username}, {password} and (if needed) {domain} with the actual credentials for the SMB share.

It's recommended to use separate credential files for different shares

3.2 Secure the credentials file

To protect the sensitive information in the credentials file, restrict its permissions and ownership:

  • set permissions so only the owner can read and write:
Only the file owner can read / write
Copy
  • set ownership to root:
Set complete root ownership
Copy

3.3 Perform the mount

Execute the mount command to connect the SMB share to the directory you created. The command format is:

Bash
Copy
  • replace //server/share with the actual path to your SMB share
  • replace /mnt/mdss/nfs/{my-new-folder} with the mount directory you created.
  • ensure the path to your credentials file is correct

The mount command offers various configurable parameters. You can adapt these to your specific requirements.

MDSS will work with any configuration as long as the SMB share is mounted successfully and MDSS has at least read access. For remediation capabilities, write access will be necessary.

Step 4: Ensure mount is persistent

To make sure the SMB share automatically mounts after the MDSS machine restarts, add an entry to the /etc/fstab file. Without this, the mount will be lost upon reboot.

An example entry in /etc/fstab might look like this (adapt it to your specific paths and options):

/etc/fstab
Copy

You may need to adjust options like uid and gid to ensure proper file permissions for MDSS.

Step 5: Add the mounted directory in MDSS

Once the SMB share is successfully mounted and persistance is configured:

  • open the MetaDefender Storage Security user interface
  • Navigate to the section for adding a new storage unit
  • Choose to add an NFS storage unit
  • In the configuration, specify the Mount directory as the folder you created and used in Step 2 ({my-new-folder})
  • You'll also typically provide a Storage name and potentially save it as a new account or assign it to a group, as suggested by the screenshot below:
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
How to Enable NFS scanning on a Kubernetes Cluster
On This Page
[Linux] How to Expose an SMB Share as an NFS Storage UnitPrerequisitesStep-by-Step GuideStep 1: Install cifs-utilsStep 2: Create new mounting directoryStep 3: Perform the mount3.1 Create a credentials file containing the SMB server credentials3.2 Secure the credentials file3.3 Perform the mountStep 4: Ensure mount is persistentStep 5: Add the mounted directory in MDSS