Check: GEN006230
HP-UX 11.23 STIG:
GEN006230
(in version v1 r8)
Title
Samba must be configured to use encrypted passwords. (Cat II impact)
Discussion
Samba must be configured to protect authenticators. If Samba passwords are not encrypted for storage, plain-text user passwords may be read by those with access to the Samba password file.
Check Content
Check the encryption setting in the Samba configuration file. # cat /etc/opt/samba/smb.conf | tr '\011' ' ' | tr -s ' ' | sed -e 's/^[ \t]*//' | grep -v "^#" | grep -i "^encrypt passwords = yes" If the encrypt passwords setting is not set to "yes", this is a finding.
Fix Text
Edit the /etc/opt/samba/smb.conf file and change the encrypt passwords setting to yes, for example: encrypt passwords = yes
Additional Identifiers
Rule ID: SV-35111r1_rule
Vulnerability ID: V-22500
Group Title: GEN006230
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |