
Network analysis tools must not be installed.


Overview

Finding ID: V-12049
Version: GEN003865
Rule ID: SV-38880r1_rule
IA Controls: DCPA-1
Severity: Medium
Description
Network analysis tools allow for the capture of network traffic visible to the system.
STIG Date
Draft AIX Security Technical Implementation Guide 2011-08-17

Details

Check Text ( C-37884r1_chk )
Determine if any network analysis tools are installed.

Procedure:
# find / -name ethereal
# find / -name wireshark
# find / -name tshark
# find / -name netcat
# find / -name tcpdump
# find / -name snoop

If any network analysis tools are found, this is a finding.

Additional Information: The tcpdump binary is provided in the bos.net.tcp.server fileset, and this fileset cannot be uninstalled.
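
An added example, not part of the STIG: the six find commands from the check procedure folded into one filesystem pass that returns a non-zero status on a finding. The function names are hypothetical, matching only regular files and symlinks is an assumption that narrows the original commands, and lslpp -w (AIX) is called only where it exists, to show which fileset owns a hit.

```shell
#!/bin/sh
# Added example (not from the STIG): one-pass form of the GEN003865 check.

# find_net_tools ROOT: print every regular file or symlink under ROOT that is
# named after one of the six tools in the check text, one path per line.
# Unreadable directories are skipped silently.
find_net_tools() {
    find "${1:-/}" \( -type f -o -type l \) \
        \( -name ethereal -o -name wireshark -o -name tshark \
           -o -name netcat -o -name tcpdump -o -name snoop \) \
        -print 2>/dev/null || true
}

# check_gen003865 ROOT: report each hit; return 1 on a finding, 0 otherwise.
check_gen003865() {
    hits=$(find_net_tools "$1")
    [ -n "$hits" ] || { echo "GEN003865: not a finding"; return 0; }
    printf '%s\n' "$hits" | while IFS= read -r path; do
        echo "FINDING: $path"
        # On AIX, lslpp -w names the fileset that owns a file (the page notes
        # tcpdump ships in bos.net.tcp.server). Skipped where lslpp is absent.
        if command -v lslpp >/dev/null 2>&1; then
            lslpp -w "$path" 2>/dev/null || echo "  (not owned by any fileset)"
        fi
    done
    return 1
}

# Constructed demo tree (sample data, not a real system layout).
demo=$(mktemp -d)
mkdir -p "$demo/usr/sbin" "$demo/opt/tools"
: > "$demo/usr/sbin/tcpdump"
: > "$demo/opt/tools/tshark"
: > "$demo/usr/sbin/ping"
check_gen003865 "$demo" || echo "exit status 1: finding"
rm -rf "$demo"
```

On a live system, run check_gen003865 / as root so that find can read every directory.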
Fix Text (F-33131r1_fix)
Remove the network analysis tool binary from the system.

Procedure:
# rm /usr/sbin/tcpdump