Detections
Analytics
GEN006080 - The Samba Web Administration Tool (SWAT) must be restricted to the local host or require SSL - 'samba3x-swat'
Information
SWAT is a tool used to configure Samba. It modifies Samba configuration, which can impact system security, and must be protected from unauthorized access. SWAT authentication may involve the root password, which must be protected by encryption when traversing the network.Restricting access to the local host allows for the use of SSH TCP forwarding, if configured, or administration by a web browser on the local system.
Solution
Disable SWAT or require SWAT is only accessed via SSH.Procedure:
If SWAT is not needed for operation of the system remove the SWAT package:
# rpm -qa|grep swat
Remove 'samba-swat' or 'samba3x-swat' depending on which one is installed
# rpm --erase samba-swat
or
# rpm --erase samba3x-swat
If SWAT is required but not at all times disable it when it is not needed.
Modify the /etc/xinetd.d file for 'swat' to contain a 'disable = yes' line.
To access using SSH:
Follow vendor configuration documentation to create an stunnel for SWAT.
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_5_V2R1_STIG.zip
Item Details
Audit Name: DISA STIG for Oracle Linux 5 v2r1
Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT
References: 800-53|AC-17(8), 800-53|CM-7a., CAT|II, CCI|CCI-000381, CCI|CCI-001436, Rule-ID|SV-218638r603259_rule, STIG-ID|GEN006080, STIG-Legacy|SV-64123, STIG-Legacy|V-1026, Vuln-ID|V-218638
Plugin: Unix
Control ID: 01174160d5a5547b130ed1ef76f7a5476d9c1b2cdf2e54f0ab42f507edb1a7c1