Check: GEN006080
VMware ESX 3 Server:
GEN006080
(in version v1 r2)
Title
The Samba Web Administration Tool (SWAT) must be restricted to the local host or require SSL. (Cat II impact)
Discussion
SWAT is a tool used to configure Samba. As it modifies Samba configuration, which can impact system security, it must be protected from unauthorized access. SWAT authentication may involve the root password, which must be protected by encryption when traversing the network. Restricting access to the local host allows for the use of SSH TCP forwarding, if configured, or administration by a web browser on the local system.
Check Content
Check the system for an enabled SWAT service. # grep -i swat /etc/inetd.conf If SWAT is found enabled, it must be utilized with SSL to ensure a secure connection between the client and the server. Ask the SA to identify the method used to provide SSL protection for the SWAT service. Verify (or ask the SA to demonstrate) this configuration is effective by accessing SWAT using an HTTPS connection from a web browser. If SWAT is found enabled and has no SSL protection, this is a finding.
Fix Text
Disable SWAT (e.g., remove the "swat" line from inetd.conf or equivalent, and restart the service) or configure SSL protection for the SWAT service.
Additional Identifiers
Rule ID: SV-1026r2_rule
Vulnerability ID: V-1026
Group Title: GEN006080
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001436 |
The organization disables organization-defined networking protocols within the information system deemed to be nonsecure except for explicitly identified components in support of specific operational requirements. |
Controls
Number | Title |
---|---|
No controls are assigned to this check |