Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-12049 | GEN003865 | SV-64029r2_rule | DCPA-1 | Medium |
Description |
---|
Network analysis tools allow for the capture of network traffic visible to the system. If the system is being used as a network analysis/troubleshooting system then these tools are allowed if documented. |
STIG | Date |
---|---|
Oracle Linux 5 Security Technical Implementation Guide | 2015-06-05 |
Check Text (C-52611r2_chk) |
---|
Determine if any network analysis tools are installed. Procedure: `# find / -name ethereal` `# find / -name wireshark` `# find / -name tshark` `# find / -name nc` `# find / -name tcpdump` `# find / -name snoop` If any network analysis tools are found, this is a finding. |
Fix Text (F-54731r4_fix) |
---|
Remove each network analysis tool binary from the system. Remove package items with a package manager; for others, remove the binary directly. Procedure: Find the binary file: `# find / -name` Find the package, if any, to which it belongs: `# rpm -qf` Remove the package if it does not also include other software: `# rpm -e` or `# yum remove` If the item to be removed is not in a package, or the entire package cannot be removed because of other software it provides, remove the item's binary file: `# rm` |
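
The check and the package-lookup step of the fix can be run as a single audit pass. The script below is an added example, not part of the STIG text: it searches for the six tool names from the Check Text in one traversal and reports the owning RPM package for each hit, so the choice between removing the package and removing the binary is visible per file. The function names `owner_of` and `scan_tools`, the `unpackaged` label and the tab-separated output are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not STIG text): one-pass audit for GEN003865.
# Tool names are those in the Check Text; function names are hypothetical.
TOOLS="ethereal wireshark tshark nc tcpdump snoop"

# owner_of FILE: print the RPM package that owns FILE, or "unpackaged" when
# rpm reports no owner (or rpm itself is not installed).
owner_of() {
    pkg=$(rpm -qf --queryformat '%{NAME}\n' "$1" 2>/dev/null) || pkg=unpackaged
    printf '%s\n' "$pkg" | head -n 1
}

# scan_tools [ROOT]: print "path<TAB>owner" for every match under ROOT
# (default /). Returns 1 when at least one tool is present (a finding).
scan_tools() {
    root=${1:-/}
    names=""
    for t in $TOOLS; do
        names="$names${names:+ -o }-name $t"
    done
    # Single traversal. Regular files and symlinks only, so a directory
    # that happens to be called "nc" is not reported; symlinks are kept
    # because nc is often a link to another binary.
    hits=$(find "$root" \( -type f -o -type l \) \( $names \) 2>/dev/null |
        while IFS= read -r path; do
            printf '%s\t%s\n' "$path" "$(owner_of "$path")"
        done)
    if [ -z "$hits" ]; then
        return 0
    fi
    printf '%s\n' "$hits"
    return 1
}

# Usage on a live system (as root): scan_tools / ; echo "finding=$?"
```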