To verify that Samba clients using mount.cifs must use packet signing, run the following command:
# grep sec /etc/fstab /etc/mtab
The output should show either "krb5i" or "ntlmv2i" in use. If it does not, this is a finding.
Fix Text (F-43607r1_fix)
Require packet signing of clients who mount Samba shares using the "mount.cifs" program (e.g., those who specify shares in "/etc/fstab"). To do so, ensure signing options (either "sec=krb5i" or "sec=ntlmv2i") are used.
See the "mount.cifs(8)" man page for more information. A Samba client should only communicate with servers who can support SMB packet signing.