GEN003865 - Network analysis tools must not be installed - 'wireshark'

Information

Network analysis tools allow for the capture of network traffic visible to the system.

If the system is being used as a network analysis/troubleshooting system then these tools are allowed if documented.

Solution

Remove each network analysis tool binary from the system. Remove packaged items with a package manager; for items not in a package, remove the binary directly.

Procedure:
Find the binary file:
# find / -name <Item to be removed>

Find the package, if any, to which it belongs:
# rpm -qf <binary file>

Remove the package if it does not also include other software:
# rpm -e <package name>
or
# yum remove <package name>

If the item to be removed is not in a package, or the entire package cannot be removed because of other software it provides, remove the item's binary file.

# rm <binary file>
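
A report-only sketch of the procedure above, added here as an example and not part of the original check: it finds files or symlinks named after the tool and reports whether an RPM package owns each one, so the choice between package removal and deleting the binary can be reviewed before anything is removed. The function names (find_tool, owning_package, audit_tool, demo), the script name in the usage comment, and the tab-separated output format are assumptions of this example.

```shell
#!/bin/sh
# Added example for GEN003865: report only, nothing is removed.

# find_tool ROOT NAME: files or symlinks called NAME under ROOT.
find_tool() {
    find "$1" \( -type f -o -type l \) -name "$2" 2>/dev/null
}

# owning_package FILE: owning RPM package name(s), comma-joined; prints
# nothing when the file is unowned or rpm is not installed.
owning_package() {
    command -v rpm >/dev/null 2>&1 || return 0
    out=$(rpm -qf --queryformat '%{NAME}\n' "$1" 2>/dev/null) || return 0
    printf '%s\n' "$out" | sort -u | paste -sd, -
}

# audit_tool ROOT NAME: one tab-separated line per hit:
#   PACKAGED <pkg> <path>   -> review 'rpm -ql <pkg>' before rpm -e / yum remove
#   UNPACKAGED - <path>     -> candidate for direct removal of the binary
audit_tool() {
    find_tool "$1" "$2" | while IFS= read -r f; do
        pkg=$(owning_package "$f")
        if [ -n "$pkg" ]; then
            printf 'PACKAGED\t%s\t%s\n' "$pkg" "$f"
        else
            printf 'UNPACKAGED\t-\t%s\n' "$f"
        fi
    done
}

# Constructed demo input: a scratch tree with an unpackaged 'wireshark' file.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/opt/tools/bin"
    : > "$root/opt/tools/bin/wireshark"
    audit_tool "$root" wireshark
    rm -rf "$root"
}

# Usage: sh audit.sh NAME [ROOT]; with no arguments the demo runs.
if [ "$#" -gt 0 ]; then audit_tool "${2:-/}" "$1"; else demo; fi
```

A PACKAGED line still needs the manual check from the procedure: the package is removed only if it does not also include other software.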

See Also

http://iasecontent.disa.mil/stigs/zip/U_RedHat_5_V1R18_STIG.zip