Network analysis tools must not be installed.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-12049	GEN003865	SV-64029r2_rule		Medium

Description
Network analysis tools allow for the capture of network traffic visible to the system. If the system is being used as a network analysis/troubleshooting system then these tools are allowed if documented.

STIG	Date
Oracle Linux 5 Security Technical Implementation Guide	2016-12-20

Details

Check Text ( C-52611r2_chk )
Determine if any network analysis tools are installed. Procedure: # find / -name ethereal # find / -name wireshark # find / -name tshark # find / -name nc # find / -name tcpdump # find / -name snoop If any network analysis tools are found, this is a finding.

Fix Text (F-54731r4_fix)
Remove each network analysis tool binary from the system. Remove package items with a package manager, others remove the binary directly. Procedure: Find the binary file: # find / -name Find the package, if any, to which it belongs: # rpm -qf Remove the package if it does not also include other software: # rpm -e or # yum remove If the item to be removed is not in a package, or the entire package cannot be removed because of other software it provides, remove the item's binary file. # rm

Fix Text (F-54731r4_fix)

Remove each network analysis tool binary from the system. Remove package items with a package manager, others remove the binary directly.

Procedure:
Find the binary file:

# find / -name

Find the package, if any, to which it belongs:

# rpm -qf

Remove the package if it does not also include other software:

# rpm -e

or

# yum remove

If the item to be removed is not in a package, or the entire package cannot be removed because of other software it provides, remove the item's binary file.

# rm