Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-38657 | RHEL-06-000273 | SV-50458r2_rule | Low |
Description |
---|
Packet signing can prevent man-in-the-middle attacks which modify SMB packets in transit. |
STIG | Date |
---|---|
Red Hat Enterprise Linux 6 Security Technical Implementation Guide | 2015-05-26 |
Check Text ( C-46218r4_chk ) |
---|
If Samba is not in use, this is not applicable. To verify that Samba clients using mount.cifs must use packet signing, run the following command: # grep sec /etc/fstab /etc/mtab The output should show either "krb5i" or "ntlmv2i" in use. If it does not, this is a finding. |
Fix Text (F-43607r1_fix) |
---|
Require packet signing of clients who mount Samba shares using the "mount.cifs" program (e.g., those who specify shares in "/etc/fstab"). To do so, ensure signing options (either "sec=krb5i" or "sec=ntlmv2i") are used. See the "mount.cifs(8)" man page for more information. A Samba client should only communicate with servers who can support SMB packet signing. |