The Samba Web Administration Tool (SWAT) must be restricted to the local host or require SSL.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-1026	GEN006080	SV-35211r1_rule	EBRP-1 ECCT-1 ECCT-2	Medium

Description
SWAT is a tool used to configure Samba. As it modifies Samba configuration, which can impact system security, it must be protected from unauthorized access. SWAT authentication may involve the root password, which must be protected by encryption when traversing the network. Restricting access to the local host allows for the use of SSH TCP forwarding, if configured, or administration by a web browser on the local system.

Description

SWAT is a tool used to configure Samba. As it modifies Samba configuration, which can impact system security, it must be protected from unauthorized access. SWAT authentication may involve the root password, which must be protected by encryption when traversing the network. Restricting access to the local host allows for the use of SSH TCP forwarding, if configured, or administration by a web browser on the local system.

STIG	Date
HP-UX 11.23 Security Technical Implementation Guide	2012-05-25

Details

Check Text ( C-36693r3_chk )
Determine if the CIFS (HP SAMBA) bundle is installed (SWAT is included). # swlist -l bundle \| egrep -i "CIFS-CLIENT\|CIFS-SERVER" If the HP bundle is not installed, this is not applicable. If the HP bundle is installed, ask the SA if the Samba Web Administration Tool (SWAT) has been configured to use SSL. If SWAT is not configured to use SSL, this is a finding.

Fix Text (F-32068r2_fix)
Disable SWAT. # chmod 0000 /swat OR # rm -i /swat