Navigate

Check: GEN006060

HP-UX 11.31 STIG: GEN006060 (in versions v1 r19 through v1 r13)

Title

The system must not run Samba unless needed. (Cat II impact)

Discussion

Samba is a tool used for the sharing of files and printers between Windows and UNIX operating systems. It provides access to sensitive files and, therefore, poses a security risk if compromised.

Check Content

Check the system for a running Samba server. # ps -ef |grep -v grep | grep smbd If the Samba server is running, ask the SA if the Samba server is operationally required. If it is not, this is a finding.

Fix Text

If there is no functional need for Samba and the daemon is running, disable the daemon by killing the process ID as noted from the output of ps -ef |grep smbd. The utility should also be removed or not installed if there is no functional requirement.

Additional Identifiers

Rule ID: SV-35208r1_rule

Vulnerability ID: V-4321

Group Title: GEN006060

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-001436	The organization disables organization-defined networking protocols within the information system deemed to be nonsecure except for explicitly identified components in support of specific operational requirements.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
No controls are assigned to this check