Check: GEN006080
HP-UX 11.23 STIG:
GEN006080
(in version v1 r8)
Title
The Samba Web Administration Tool (SWAT) must be restricted to the local host or require SSL. (Cat II impact)
Discussion
SWAT is a tool used to configure Samba. As it modifies Samba configuration, which can impact system security, it must be protected from unauthorized access. SWAT authentication may involve the root password, which must be protected by encryption when traversing the network. Restricting access to the local host allows for the use of SSH TCP forwarding, if configured, or administration by a web browser on the local system.
Check Content
Determine if the CIFS (HP SAMBA) bundle is installed (SWAT is included). # swlist -l bundle | egrep -i "CIFS-CLIENT|CIFS-SERVER" If the HP bundle is not installed, this is not applicable. If the HP bundle is installed, ask the SA if the Samba Web Administration Tool (SWAT) has been configured to use SSL. If SWAT is not configured to use SSL, this is a finding.
Fix Text
Disable SWAT. # chmod 0000 <path>/swat OR # rm -i <path>/swat
Additional Identifiers
Rule ID: SV-35211r1_rule
Vulnerability ID: V-1026
Group Title: GEN006080
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001436 |
The organization disables organization-defined networking protocols within the information system deemed to be nonsecure except for explicitly identified components in support of specific operational requirements. |
Controls
Number | Title |
---|---|
No controls are assigned to this check |