STIGQter STIGQter: STIG Summary: Red Hat Enterprise Linux 6 Security Technical Implementation Guide Version: 1 Release: 24 Benchmark Date: 25 Oct 2019: The system must use SMB client signing for connecting to samba servers using smbclient.

DISA Rule

SV-50457r1_rule

Vulnerability Number

V-38656

Group Title

SRG-OS-999999

Rule Version

RHEL-06-000272

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

To require samba clients running "smbclient" to use packet signing, add the following to the "[global]" section of the Samba configuration file in "/etc/samba/smb.conf":

client signing = mandatory

Requiring samba clients such as "smbclient" to use packet signing ensures they can only communicate with servers that support packet signing.

Check Contents

To verify that Samba clients running smbclient must use packet signing, run the following command:

# grep signing /etc/samba/smb.conf

The output should show:

client signing = mandatory


If it is not, this is a finding.

Vulnerability Number

V-38656

Documentable

False

Rule Version

RHEL-06-000272

Severity Override Guidance

To verify that Samba clients running smbclient must use packet signing, run the following command:

# grep signing /etc/samba/smb.conf

The output should show:

client signing = mandatory


If it is not, this is a finding.

Check Content Reference

M

Target Key

2367

Comments