
Network analysis tools must not be installed.


Overview

Finding ID: V-12049
Version: GEN003865
Rule ID: SV-37446r2_rule
IA Controls:
Severity: Medium
Description
Network analysis tools allow for the capture of network traffic visible to the system. If the system is being used as a network analysis/troubleshooting system, these tools are allowed provided their use is documented.
STIG: Red Hat Enterprise Linux 5 Security Technical Implementation Guide
Date: 2017-03-01

Details

Check Text (C-36118r2_chk)
Determine if any network analysis tools are installed.

Procedure:
# find / -name ethereal
# find / -name wireshark
# find / -name tshark
# find / -name nc
# find / -name tcpdump
# find / -name snoop

If any network analysis tools are found, this is a finding.
Fix Text (F-31364r2_fix)
Remove each network analysis tool binary from the system. Remove packaged items with a package manager; for items that do not belong to a package, remove the binary directly.

Procedure:
Find the binary file:
# find / -name <binary_name>

Find the package, if any, to which it belongs:
# rpm -qf <path_to_binary>

Remove the package if it does not also include other software:
# rpm -e <package_name>
or
# yum remove <package_name>

If the item to be removed is not in a package, or the entire package cannot be removed because of other software it provides, remove the item's binary file.

# rm <path_to_binary>
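
The check and fix procedures above can be combined into one read-only audit pass. The script below is an added example, not part of the STIG text; the function names (find_tools, owner_of, audit) and the script name gen003865.sh are hypothetical, and it only reports findings and the removal route, it does not remove anything.

```shell
#!/bin/sh
# Added example: read-only audit helper for GEN003865 (not STIG text).
TOOLS="ethereal wireshark tshark nc tcpdump snoop"   # names from the Check Text

# find_tools ROOT: one find pass for all six names. Only regular files and
# symlinks are reported, because the fix targets binaries, not directories.
find_tools() {
    root=${1:-/}
    set --
    for t in $TOOLS; do
        if [ $# -gt 0 ]; then set -- "$@" -o; fi
        set -- "$@" -name "$t"
    done
    # find exits non-zero on unreadable directories; printed paths are still valid.
    find "$root" \( "$@" \) \( -type f -o -type l \) -print 2>/dev/null || true
}

# owner_of PATH: owning RPM package, or "unpackaged" when rpm is absent or
# reports that no package owns the file (rpm -qf exits non-zero in that case).
owner_of() {
    if command -v rpm >/dev/null 2>&1 && pkg=$(rpm -qf "$1" 2>/dev/null); then
        printf '%s\n' "$pkg"
    else
        printf 'unpackaged\n'
    fi
}

# audit ROOT: print one FINDING line per hit with the removal route the Fix
# Text gives; return 1 if anything was found, 0 otherwise. Nothing is removed.
audit() {
    hits=$(find_tools "${1:-/}")
    if [ -z "$hits" ]; then
        echo "GEN003865: not a finding"
        return 0
    fi
    printf '%s\n' "$hits" | while IFS= read -r p; do
        pkg=$(owner_of "$p")
        if [ "$pkg" = unpackaged ]; then fix="rm $p"; else fix="rpm -e $pkg"; fi
        printf 'FINDING\t%s\t%s\t%s\n' "$p" "$pkg" "$fix"
    done
    return 1
}

# Stand-alone use: sh gen003865.sh --run [ROOT]
if [ "${1:-}" = "--run" ]; then audit "${2:-/}"; fi
```

Before acting on a suggested `rpm -e`, confirm the package does not also provide other software, as the Fix Text requires.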