An error occurred:

Check: GEN006060

SUSE Linux Enterprise Server v11 for System z STIG: GEN006060 (in versions v1 r12 through v1 r9)

Title

The system must not run Samba unless needed. (Cat II impact)

Discussion

Samba is a tool used for the sharing of files and printers between Windows and UNIX operating systems. It provides access to sensitive files and, therefore, poses a security risk if compromised.

Check Content

Check the system for a running Samba server. Procedure: # ps -ef |grep smbd If the Samba server is running, ask the SA if the Samba server is operationally required. If it is not, this is a finding.

Fix Text

If there is no functional need for Samba and the daemon is running, disable the daemon by killing the process ID as noted from the output of ps -ef |grep smbd. The samba package should also be removed or not installed if there is no functional requirement. Procedure: rpm -qa |grep samba This will show if "samba" is installed. Packages that start with “yast2-samba” are NOT part of the Samba software suite. To remove: rpm -e samba SuSEconfig

Additional Identifiers

Rule ID: SV-46129r1_rule

Vulnerability ID: V-4321

Group Title: GEN006060

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001436

The organization disables organization-defined networking protocols within the information system deemed to be nonsecure except for explicitly identified components in support of specific operational requirements.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
No controls are assigned to this check