Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-209011 | OL6-00-000273 | SV-209011r505921_rule | Low |
Description |
---|
Packet signing can prevent man-in-the-middle attacks which modify SMB packets in transit. |
STIG | Date |
---|---|
Oracle Linux 6 Security Technical Implementation Guide | 2020-09-10 |
Check Text ( C-9264r357818_chk ) |
---|
If Samba is not in use, this is not applicable. To verify that Samba clients using mount.cifs must use packet signing, run the following command: # grep sec /etc/fstab /etc/mtab The output should show either "krb5i" or "ntlmv2i" in use. If it does not, this is a finding. |
Fix Text (F-9264r357819_fix) |
---|
Require packet signing of clients who mount Samba shares using the "mount.cifs" program (e.g., those who specify shares in "/etc/fstab"). To do so, ensure signing options (either "sec=krb5i" or "sec=ntlmv2i") are used. See the "mount.cifs(8)" man page for more information. A Samba client should only communicate with servers who can support SMB packet signing. |