
A system used for routing must not run other network services or applications.


Overview

Finding ID: V-4398
Version: GEN005580
Rule ID: SV-37924r2_rule
IA Controls: DCSP-1
Severity: Medium
Description
Installing extraneous software on a system designated as a dedicated router poses a security threat to the system and the network. Should an attacker gain access to the router through the unauthorized software, the entire network is susceptible to malicious activity.
STIG: Red Hat Enterprise Linux 5 Security Technical Implementation Guide
Date: 2015-06-12

Details

Check Text ( C-37160r2_chk )
If the system is a VM host and acts as a router solely for the benefit of its client systems, then this rule is not applicable.

Check to see if the system is a router:

# chkconfig --list | grep :on | egrep '(ospf|route|bgp|zebra|quagga)'

If the system is running a routing service, it is a router. If it is not, this is not applicable.

Check the system for non-routing network services.

Procedure:
# netstat -a | grep -i listen
# ps -ef

If non-routing services, including Web servers, file servers, DNS servers, or application servers, but excluding management services such as SSH and SNMP, are running on the system, this is a finding.
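An added example, not part of the STIG or of this page, that scripts the check above: it applies the rule's routing-daemon test and the non-routing-service filter to constructed sample output of `chkconfig --list` and `netstat -a` (the sample text and the sshd/snmpd exclusion list are assumptions).

```shell
#!/bin/sh
# Added example, not part of the STIG: automate the GEN005580 check logic
# over text input. On a live RHEL 5 host you would feed it the real output
# of `chkconfig --list` and `netstat -a`; here the inputs are constructed.

# Constructed sample of `chkconfig --list`: two routing daemons and a web
# server enabled, sshd enabled, named present but disabled in every runlevel.
SAMPLE_CHKCONFIG='zebra           0:off   1:off   2:on    3:on    4:on    5:on    6:off
ospfd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
httpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
named           0:off   1:off   2:off   3:off   4:off   5:off   6:off'

# Constructed sample of `netstat -a`, reduced to the lines of interest.
SAMPLE_NETSTAT='tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 *:http                      *:*                         LISTEN
tcp        0      0 *:bgp                       *:*                         LISTEN
unix  2      [ ACC ]     STREAM     LISTENING     12345  /dev/log'

# Same test as the STIG check: is any routing daemon enabled in a runlevel?
# Exit status 0 means the system is a router and the rule applies.
is_router() {
    printf '%s\n' "$1" | grep ':on' | grep -Eq '(ospf|route|bgp|zebra|quagga)'
}

# Enabled services that are neither routing daemons nor the management
# services the check excludes (SSH, SNMP). Any output here is a finding.
non_routing_services() {
    printf '%s\n' "$1" | grep ':on' | awk '{print $1}' \
        | grep -Ev '(ospf|route|bgp|zebra|quagga)' \
        | grep -Ev '^(sshd|snmpd)$'
}

# TCP listeners from `netstat -a` (service name after the last colon),
# minus SSH, SNMP and BGP (TCP 179, the one routing protocol that listens).
listening_non_routing() {
    printf '%s\n' "$1" \
        | awk '$1 ~ /^tcp/ && toupper($NF) == "LISTEN" {print $4}' \
        | sed 's/.*://' | grep -Ev '^(ssh|snmp|bgp)$' | sort -u
}

if is_router "$SAMPLE_CHKCONFIG"; then
    echo "Routing daemon enabled: rule applies. Non-routing services found:"
    non_routing_services "$SAMPLE_CHKCONFIG"
    listening_non_routing "$SAMPLE_NETSTAT"
else
    echo "No routing daemon enabled: rule not applicable."
fi
```

On the sample data the script reports httpd (enabled service) and http (listener) as the finding, while the disabled named service and the sshd/bgp entries are left out.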
Fix Text (F-32418r1_fix)
Ensure only authorized software is loaded on a designated router. Authorized software will be limited to the most current version of routing protocols and SSH for system administration purposes.