
The system must use SMB client signing for connecting to samba servers using mount.cifs.


Overview

Finding ID: V-218025
Version: RHEL-06-000273
Rule ID: SV-218025r505923_rule
IA Controls:
Severity: Low
Description
Packet signing can prevent man-in-the-middle attacks which modify SMB packets in transit.
STIG: Red Hat Enterprise Linux 6 Security Technical Implementation Guide
Date: 2020-09-03

Details

Check Text (C-19506r377090_chk)
If Samba is not in use, this is not applicable.

To verify that Samba clients using mount.cifs are required to use packet signing, run the following command:

# grep sec /etc/fstab /etc/mtab

The output should show either "krb5i" or "ntlmv2i" in use.
If it does not, this is a finding.
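
An added example, not part of the STIG text: a stricter form of the check above. `grep sec` matches any line containing "sec", so this script parses the options field of each cifs entry in fstab/mtab format and accepts only the two values the check names. The function names, hosts, shares and paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the sec= option of every CIFS entry in fstab/mtab format.
# Reads the file named in $1, or stdin when no argument is given.
# Prints PASS/FAIL per CIFS mount; returns 1 if any entry lacks signing.
audit_cifs_signing() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }   # skip blank lines and comments
        $3 != "cifs"         { next }   # field 3 is the filesystem type
        {
            sec = "unset"
            n = split($4, opts, ",")    # field 4 is the comma-separated options
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^sec=/) sec = substr(opts[i], 5)
            # Accepted values are the two named in the check text.
            if (sec == "krb5i" || sec == "ntlmv2i") {
                printf "PASS %s sec=%s\n", $2, sec
            } else {
                printf "FAIL %s sec=%s\n", $2, sec
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "${1:--}"
}

# Constructed sample fstab; hosts, shares and paths are hypothetical.
sample_fstab() {
    cat <<'EOF'
# device                   mountpoint    type  options                                dump pass
/dev/sdb1                  /srv/secure   ext4  defaults                               1 2
//fs1.example.com/docs     /mnt/docs     cifs  credentials=/etc/cifs.cred,sec=krb5i   0 0
//fs1.example.com/scratch  /mnt/scratch  cifs  credentials=/etc/cifs.cred,sec=ntlmv2  0 0
//fs2.example.com/pub      /mnt/pub      cifs  guest,ro                               0 0
EOF
}

# Demo run: the ext4 line that plain grep would match is ignored here.
sample_fstab | audit_cifs_signing || echo "finding: CIFS mount without packet signing"
```
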
Fix Text (F-19504r377091_fix)
Require packet signing of clients that mount Samba shares using the "mount.cifs" program (e.g., those that specify shares in "/etc/fstab"). To do so, ensure signing options (either "sec=krb5i" or "sec=ntlmv2i") are used.

See the "mount.cifs(8)" man page for more information. A Samba client should only communicate with servers that can support SMB packet signing.