STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The system must use SMB client signing for connecting to samba servers using smbclient.

DISA Rule

SV-209010r603263_rule

Vulnerability Number

V-209010

Group Title

SRG-OS-000480

Rule Version

OL6-00-000272

Severity

CAT III

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

To require samba clients running "smbclient" to use packet signing, add the following to the "[global]" section of the Samba configuration file in "/etc/samba/smb.conf":

client signing = mandatory

Requiring samba clients such as "smbclient" to use packet signing ensures they can only communicate with servers that support packet signing.

Check Contents

To verify that Samba clients running smbclient must use packet signing, run the following command:

# grep signing /etc/samba/smb.conf

The output should show:

client signing = mandatory

If it is not, this is a finding.

Vulnerability Number

V-209010

Documentable

False

Rule Version

OL6-00-000272

Severity Override Guidance

Check Content Reference

Target Key

2928

The system must use SMB client signing for connecting to samba servers using smbclient.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments