Check: RHEL-06-000272
Red Hat Enterprise Linux 6 STIG: RHEL-06-000272 (in versions v2 r2 through v1 r14)
Title
The system must use SMB client signing for connecting to samba servers using smbclient. (Cat III impact)
Discussion
Packet signing can prevent man-in-the-middle attacks which modify SMB packets in transit.
Check Content
To verify that Samba clients running smbclient must use packet signing, run the following command:

    # grep signing /etc/samba/smb.conf

The output should show:

    client signing = mandatory

If it is not, this is a finding.
Fix Text
To require Samba clients running "smbclient" to use packet signing, add the following to the "[global]" section of the Samba configuration file in "/etc/samba/smb.conf":

    client signing = mandatory

Requiring Samba clients such as "smbclient" to use packet signing ensures they can only communicate with servers that support packet signing.
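The grep in the check content matches any line containing "signing", including commented-out lines, "server signing" entries, and settings outside "[global]". A section-aware version of the check follows as an added example that is not part of the STIG text; the function name check_client_signing is hypothetical, and "include" directives and backslash line continuations are assumed absent and are not handled.

```shell
#!/bin/sh
# Added example (not STIG text): section-aware check for RHEL-06-000272.
# check_client_signing is a hypothetical helper name.
# Returns 0 only if the effective [global] "client signing" value is "mandatory".
check_client_signing() {
    conf="${1:-/etc/samba/smb.conf}"
    [ -r "$conf" ] || { echo "unreadable: $conf"; return 2; }
    value=$(awk '
        /^[ \t]*[#;]/ { next }                 # skip comment lines
        /^[ \t]*\[/ {                          # section header
            s = tolower($0)
            gsub(/[ \t]/, "", s)               # whitespace in names is ignored
            in_global = (s ~ /^\[global\]/)
            next
        }
        in_global {
            eq = index($0, "=")                # only the first "=" is significant
            if (eq == 0) next
            name = tolower(substr($0, 1, eq - 1))
            gsub(/[ \t]/, "", name)
            if (name != "clientsigning") next
            val = tolower(substr($0, eq + 1))
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            found = val                        # a later assignment overrides an earlier one
        }
        END { print found }
    ' "$conf")
    if [ "$value" = "mandatory" ]; then
        echo "client signing = $value (not a finding)"
        return 0
    fi
    echo "client signing = ${value:-<unset>} (finding)"
    return 1
}
# Usage: check_client_signing /etc/samba/smb.conf
```
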
Additional Identifiers
Rule ID: SV-218024r603264_rule
Vulnerability ID: V-218024
Group Title: SRG-OS-000480
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |