Check: GEN005580
HP-UX 11.31 STIG:
GEN005580
(in versions v1 r19 through v1 r13)
Title
A system used for routing must not run other network services or applications. (Cat II impact)
Discussion
Installing extraneous software on a system designated as a dedicated router poses a security threat to the system and the network. Should an attacker gain access to the router through the unauthorized software, the entire network is susceptible to malicious activity.
Check Content
Ask the SA if the system is a designated router. If it is not, this is not applicable. If this system is a designated router, check the system for non-routing network services. # netstat -a | grep -i listen # ps -ef If non-routing services, including Web servers, file servers, DNS servers, or applications servers, but excluding management services such as SSH and SNMP, are running on the system, this is a finding.
Fix Text
Ensure only authorized software is loaded on a designated router. Authorized software will be limited to the most current version of routing protocols and SSH for system administration purposes.
Additional Identifiers
Rule ID: SV-35156r1_rule
Vulnerability ID: V-4398
Group Title: GEN005580
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001208 |
The organization partitions the information system into components residing in separate physical domains (or environments) as deemed necessary. |
Controls
| Number | Title |
|---|---|
| No controls are assigned to this check |