STIGQter: STIG Summary: Oracle Linux 5 Security Technical Implementation Guide, Version: 1, Release: 13, Benchmark Date: 26 Oct 2018: The hosts.lpd file (or equivalent) must not contain a + character.

DISA Rule

SV-64115r1_rule

Vulnerability Number

V-827

Group Title

GEN003900

Rule Version

GEN003900

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure cups to use only the localhost or specified remote hosts.

Procedure:
Modify the /etc/cups/cupsd.conf file to "Listen" only to the local machine or a known set of hosts (e.g., Listen localhost:631).
Modify the /etc/cups/cupsd.conf file "<Location />" element to "Deny From All" and "Allow from 127.0.0.1" or allowed host addresses.

Restart cups:
# service cups restart

Check Contents

The operating system uses the CUPS print service. Verify remote host access is limited.

Procedure:
# grep -i Listen /etc/cups/cupsd.conf

The /etc/cups/cupsd.conf file must not contain a Listen *:<port> or equivalent line.

If the network address of the "Listen" line is unrestricted, this is a finding.

# grep -i "Allow From" /etc/cups/cupsd.conf

The "Allow From" line within the "<Location />" element should limit access to the printers to @LOCAL and specific hosts.
If the "Allow From" line contains "All", this is a finding.
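
The two grep checks above can be combined into one pass that only flags "Allow From All" when it sits inside the "<Location />" element. The script below is an added example, not part of the STIG; the function name audit_cupsd_conf and both sample configurations are constructed for illustration, and treating "Port" and the 0.0.0.0 / [::] addresses as "equivalent" to Listen *:<port> is this example's assumption.

```shell
#!/bin/sh
# audit_cupsd_conf (hypothetical helper): reads a cupsd.conf from the given
# file, or from stdin when no file is given. Prints one line per finding and
# returns 1 if there is any finding, 0 otherwise.
audit_cupsd_conf() {
    awk '
    { sub(/^[ \t]+/, ""); low = tolower($0) }      # trim indent, fold case
    low ~ /^#/ || low == "" { next }               # skip comments and blanks
    low ~ /^<location[ \t]+\/>/ { in_root = 1; next }
    low ~ /^<\/location>/       { in_root = 0; next }
    low ~ /^listen[ \t]/ {
        # Wildcard addresses; 0.0.0.0 and [::] counted as equivalents (assumption)
        if ($2 ~ /^\*:/ || $2 ~ /^0\.0\.0\.0:/ || index($2, "[::]:") == 1) {
            print "FINDING line " NR ": unrestricted " $0; bad = 1
        }
        next
    }
    # Port binds every interface; counted as an equivalent (assumption)
    low ~ /^port[ \t]/ { print "FINDING line " NR ": unrestricted " $0; bad = 1; next }
    # Only the root <Location /> element is in scope for the Allow check
    in_root && low ~ /^allow[ \t]+(from[ \t]+)?all([ \t]|$)/ {
        print "FINDING line " NR ": " $0; bad = 1
    }
    END { exit bad + 0 }
    ' "$@"
}

# Constructed sample configurations (not taken from a real system).
WEAK_CONF='Listen *:631
<Location />
  Order deny,allow
  Allow From All
</Location>'

HARDENED_CONF='Listen localhost:631
<Location />
  Order deny,allow
  Deny From All
  Allow From 127.0.0.1
</Location>'

printf '%s\n' "$WEAK_CONF" | audit_cupsd_conf || echo "weak sample: finding(s) above"
printf '%s\n' "$HARDENED_CONF" | audit_cupsd_conf && echo "hardened sample: no findings"
```

On a live system the same function can be pointed at the file directly: audit_cupsd_conf /etc/cups/cupsd.conf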

Documentable

False

Check Content Reference

M

Responsibility

System Administrator

Target Key

2207

Comments