How to hide Manjaro in the local network

For security reasons want to hide Manjaro on my local network.
WHY? Harder to find it makes it harder to hack into!
I’m new to Manjaro and a retired Windows network engineer including training & certifications.

Looking from Win11 I see Manjaro in the Explorer including all the folders.
This share was done by default.

So how to hide Manjaro from any possible network prying eyes?

OS: Manjaro Linux x86_64
Kernel: 6.11.11-1-MANJARO
Uptime: 2 hours, 37 mins
Packages: 1399 (pacman), 11 (snap)
Shell: bash 5.2.37
DE: Xfce 4.18
CPU: Intel i5-8279U (8) @ 4.100GHz
GPU: Intel CoffeeLake-U GT3e [Iris Plus Graphics
Memory: 3935MiB / 7839MiB

Can you prove that too?

Do you know how DHCP, ARP, PING work

1 Like

yeah…adds up. spot on terminology. :smiley:

answer is: unplug it from the network.

4 Likes

where did you get this information from?

I have two Manjaro devices in my network and they simply can’t be seen by any other station in the same network, especially not from Windows Explorer.

Manjaro doesn’t have Windows shares “by default”. It would require Samba services running which you have to install interactively.

2 Likes

By default Manjaro (and Linux OSs, in general) do not have any network available servers running. Which means you did something to make this happen.

That being the case you must have installed and enabled Samba and made the shares available to the network.

Uninstall Samba, and Samba shares will no longer be available for Windows to access.

You can also install a firewall, UFW with default settings will be sufficient to block access from any Windows OS, or any other OS, on your network.

5 Likes

Depending on how hidden you want/need to be and what level of invisibility you need from what kind of adversary to defend against this is a broad question.

Look into dropping traffic, this will be educational.
Since the machine probably is connected via a cable, the machine will probably show up in the arp table and via wifi as a connected device. Does the usecase require to be ‘hiden’ from the gateway/AP to?

I agree, this is the best option to be completely hidden.

1 Like

Firstly, kernel 6.11 has reached EOL. You must replace it with a supported kernel; perhaps 6.12 (the current LTS) with 6.6 (LTS) as a failsafe.


As others have indicated, required network software is not installed and network shares are not activated by default in Manjaro; whatever your problem may be, you are likely ‘barking up the wrong tree’, as the saying goes.


As a:

you will be aware that Windows was famous for just the scenario you describe. However, Manjaro does not allow this to occur by default; it is not generally possible without User interaction. This means that you, or someone having access you your computer, must have setup file sharing; whether inadvertently or knowingly.

Please think before making unsubstantiated claims, and remember that Linux is not Windows.


Even with Samba manually installed and properly configured, other computers on the LAN can only see folder hierarchies that you have explicitly shared. That being the case, to prevent sharing a hierarchy on your LAN, you should disable the share you created; or disable file sharing completely.

While I appreciate your background may likely be Windows-oriented, and by extension, Linux is new to you, perhaps some of the following article(s) may be worth looking at with a view to reversing whatever steps were taken.

Regards.

2 Likes

Welcome to Manjaro Linux - I have similar experience and certification for Windows Networking (sysadmin hosting virtual SMB).

If you want your system to be invisible (won’t respond to requests, ping included) - install firewalld and set the default zone to drop.

sudo pacman -Syu firewalld python-pyqt6
sudo systemctl enable --now firewalld
sudo firewall-cmd --set-default-zone drop

When you are using NetworkManager - you may need to verify that NetworkManager has picked up the new zone assignment.

Be aware that this may block any services you may have intentionally activated.

You need to deliberately enable and configure samba for this to be true.

A default Manjaro system has no active network services (opening ports)

samba service is not needed to be able to access shares on remote systems - this is a separate package - smbclient - which is included by default.

You need to deliberately install the package manjaro-settings-samba for this to be true.

Samba package may be provided by default; it needs to be enabled and configured before it can be used; this can be tricky for those new to samba therefore a package exist manjaro-settings-samba (non default).

  • the package is not default installed
  • the smb and nmb service is not default enabled

When you sync that package you get a working samba configuration and the relevant services are started and enabled.

The provided configuration /etc/samba/smb.conf is providing restricted access to the system and further configuration may be required by the system administrator

[global]
   workgroup = WORKGROUP
   dns proxy = no
   log file = /var/log/samba/%m.log
   max log size = 1000
   client min protocol = SMB2
   server role = standalone server
   passdb backend = tdbsam
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
   pam password change = yes
   map to guest = Bad Password
   usershare allow guests = yes
   name resolve order = lmhosts bcast host wins
   security = user
   guest account = nobody
   usershare path = /var/lib/samba/usershare
   usershare max shares = 100
   usershare owner only = yes
   force create mode = 0070
   force directory mode = 0070
   load printers = no
   printing = bsd
   printcap name = /dev/null
   disable spoolss = yes
   show add printer wizard = no

[homes]
   comment = Home Directories
   browseable = no
   read only = yes
   create mask = 0700
   directory mask = 0700
   valid users = %S

[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
   create mask = 0700

[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no

The package adds existing user(s) to a group named sambashare. The group membership takes effect after rebooting the Manjaro system (or restarting userspace)

systemctl soft-reboot

The configuration allows existing users to access their home (readonly) from another system using the network address smb://<hostname>/<username> using the credentials from the connecting system - if applicable - otherwise they are challenged to provide the correct credentials.

The configuration also allows existing users to share any home folder to the network using the folder /var/lib/samba/usershare as starting point.

If that was not your intention, remove the package to roll back.

  • smb and nmb will be disabled
  • the configuration will be removed (or in case of changes, renamed with .pacsave extension)
  • the folder /var/lib/samba/usershare may not be removed if it contains data
4 Likes