Check: OL6-00-000272
Oracle Linux 6 STIG: OL6-00-000272 (in versions v2 r7 through v1 r9)
Title
The system must use SMB client signing for connecting to samba servers using smbclient. (Cat III impact)
Discussion
Packet signing can prevent man-in-the-middle attacks which modify SMB packets in transit.
Check Content
To verify that Samba clients running smbclient must use packet signing, run the following command:

    # grep signing /etc/samba/smb.conf

The output should show:

    client signing = mandatory

If it is not, this is a finding.
Fix Text
To require Samba clients running "smbclient" to use packet signing, add the following to the "[global]" section of the Samba configuration file in "/etc/samba/smb.conf":

    client signing = mandatory

Requiring Samba clients such as "smbclient" to use packet signing ensures they can only communicate with servers that support packet signing.
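The grep in the check prints every line containing "signing", including commented-out lines, "server signing" and settings outside "[global]", so the reviewer has to read the output by hand. The script below is an added example, not part of the STIG: it reports the effective "client signing" value in "[global]". The function names and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not STIG text. Function names are hypothetical.

# Print the effective "client signing" value from the [global] section.
# Per smb.conf(5), section and parameter names ignore case and whitespace,
# lines starting with # or ; are comments, and only the first "=" counts.
client_signing_value() {
    awk '
        /^[ \t]*([#;]|$)/ { next }              # comments and blank lines
        /^[ \t]*\[/ {                           # section header
            s = tolower($0); gsub(/[ \t\r]/, "", s)
            in_global = (s == "[global]"); next
        }
        in_global {
            eq = index($0, "=")
            if (eq == 0) next
            name = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", name)
            val = tolower(substr($0, eq + 1))
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            if (name == "clientsigning") last = val   # a later line overrides
        }
        END { print last }
    ' "$1"
}

# Exit status 0 when the setting matches the STIG requirement, 1 otherwise.
check_client_signing() {
    [ "$(client_signing_value "$1")" = "mandatory" ]
}

# Constructed sample: the only "mandatory" line is commented out, yet
# "grep signing" would still print it.
sample=$(mktemp)
printf '[global]\n; client signing = mandatory\nclient signing = auto\n' > "$sample"
if check_client_signing "$sample"; then
    echo "not a finding"
else
    echo "finding: client signing = '$(client_signing_value "$sample")'"
fi
rm -f "$sample"
```

To audit a host, call check_client_signing /etc/samba/smb.conf and treat a non-zero exit status as a finding.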
Additional Identifiers
Rule ID: SV-209010r793731_rule
Vulnerability ID: V-209010
Group Title: SRG-OS-000480
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |