From SUSE Linux Enterprise Server v11 for System z
Part of GEN006080
Associated with: CCI-001436
SWAT is a tool used to configure Samba. It modifies Samba configuration, which can impact system security, and must be protected from unauthorized access. SWAT authentication may involve the root password, which must be protected by encryption when traversing the network.
SWAT is a tool for configuring Samba and should only be found on a system with a requirement for Samba. If SWAT is used, it must be utilized with SSH to ensure a secure connection between the client and the server. Procedure: # grep -H "bin/swat" /etc/xinetd.d/*|cut -d: -f1 |xargs grep "only_from" If the value of the "only_from" line in the "xinetd.d" file which starts with "/usr/sbin/swat" does not contain "localhost" or the equivalent, this is a finding.
Disable SWAT or require that SWAT is only accessed via SSH. Procedure: If SWAT is required, but not at all times, disable it when it is not needed. Modify the /etc/xinetd.d file for "swat" to contain a "disable = yes" line. To access using SSH: Follow vendor configuration documentation to create an stunnel for SWAT.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer