Network analysis tools must not be installed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-12049 | GEN003865 | SV-35138r1_rule | DCPA-1 | Medium |
| Description |
|---|
| Network analysis tools allow for the capture of network traffic visible to the system. |
| STIG | Date |
|---|---|
| HP-UX 11.23 Security Technical Implementation Guide | 2015-12-02 |
Details
| Check Text ( C-36544r1_chk ) |
|---|
| Determine if any network analysis tools are installed. Search for the binary: # find / -type f -name ethereal | xargs -n1 ls -lL # find / -type f -name wireshark | xargs -n1 ls -lL # find / -type f -name tshark | xargs -n1 ls -lL # find / -type f -name netcat | xargs -n1 ls -lL # find / -type f -name tcpdump | xargs -n1 ls -lL # find / -type f -name snoop | xargs -n1 ls -lL If any network analysis tools are found, this is a finding. |
| Fix Text (F-31909r1_fix) |
|---|
| Remove the network analysis tool binary from the system. Consult vendor documentation for removing packaged software, or remove the binary directly via the following example: # rm -i |