STIGQter: STIG Summary: SLES 12 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021

The SUSE operating system wireless network adapters must be disabled unless approved and documented.

DISA Rule

SV-217298r603262_rule

Vulnerability Number

V-217298

Group Title

SRG-OS-000299-GPOS-00117

Rule Version

SLES-12-030450

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the SUSE operating system to disable all wireless network interfaces with the following commands:

For each interface of type wireless, bring the interface into "down" state:

# wicked ifdown wlan0

For each interface of type wireless with a configuration of type "compat:suse:", remove the associated file:

# rm /etc/sysconfig/network/ifcfg-wlan0

For each interface of type wireless, for each configuration of type "wicked:xml:", remove the associated file or remove the interface configuration from the file.

# rm /etc/wicked/ifconfig/wlan0.xml

Check Contents

Verify that the SUSE operating system has no wireless network adapters enabled.

Check that there are no wireless interfaces configured on the system with the following command:

# wicked show all

lo up
link: #1, state up
type: loopback
config: compat:suse:/etc/sysconfig/network/ifcfg-lo
leases: ipv4 static granted
leases: ipv6 static granted
addr: ipv4 127.0.0.1/8 [static]
addr: ipv6 ::1/128 [static]

eth0 up
link: #2, state up, mtu 1500
type: ethernet, hwaddr 06:00:00:00:00:01
config: compat:suse:/etc/sysconfig/network/ifcfg-eth0
leases: ipv4 dhcp granted
leases: ipv6 dhcp granted, ipv6 auto granted
addr: ipv4 10.0.0.100/16 [dhcp]
route: ipv4 default via 10.0.0.1 proto dhcp

wlan0 up
link: #3, state up, mtu 1500
type: wireless, hwaddr 06:00:00:00:00:02
config: wicked:xml:/etc/wicked/ifconfig/wlan0.xml
leases: ipv4 dhcp granted
addr: ipv4 10.0.0.101/16 [dhcp]
route: ipv4 default via 10.0.0.1 proto dhcp

If a wireless interface is configured, it must be documented and approved by the local Authorizing Official.

If a wireless interface is configured and has not been documented and approved, this is a finding.
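
The check above can be scripted. The following is an added example, not part of the STIG or of STIGQter: a shell function (hypothetical name list_wireless) that parses `wicked show all` output and reports each wireless interface with the configuration type and file that the fix steps key on. The sample input is constructed from the output shown above.

```shell
#!/bin/sh
# Added example (not STIG text). list_wireless reads `wicked show all` output
# on stdin and prints one line per wireless interface:
#   <name> <state> <config-type> <config-path>
list_wireless() {
    awk '
        function emit() {
            if (name != "" && wireless) print name, state, scheme, path
        }
        # Attribute lines begin with a "key:" token, indented or not.
        $1 ~ /:$/ {
            if ($1 == "type:" && $2 ~ /^wireless,?$/) wireless = 1
            if ($1 == "config:") {
                # Value looks like compat:suse:/path or wicked:xml:/path
                split($2, p, ":")
                scheme = p[1] ":" p[2]
                path = substr($2, length(scheme) + 2)
            }
            next
        }
        # Any other non-blank line starts a new interface: "<name> <state>".
        NF >= 2 {
            emit()
            name = $1; state = $2; wireless = 0; scheme = "-"; path = "-"
        }
        END { emit() }
    '
}

# Constructed sample: the eth0 and wlan0 stanzas from the check text above.
SAMPLE='eth0 up
link: #2, state up, mtu 1500
type: ethernet, hwaddr 06:00:00:00:00:01
config: compat:suse:/etc/sysconfig/network/ifcfg-eth0

wlan0 up
link: #3, state up, mtu 1500
type: wireless, hwaddr 06:00:00:00:00:02
config: wicked:xml:/etc/wicked/ifconfig/wlan0.xml'

# On a live host: wicked show all | list_wireless
printf '%s\n' "$SAMPLE" | list_wireless
```

A non-empty result means each listed interface needs Authorizing Official approval on file, or the fix steps applied to the reported configuration file.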

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4033

Comments