CCE-99423-3| Platform: cpe:/o:redhat:enterprise_linux:9 | Date: (C)2023-07-04 (M)2023-07-14 |
If there is no need to mount directories and file systems to Windows systems, then smb service can be disabled to reduce the potential attack surface.Audit:Run the following command to verify `smb` is not enabled:
# systemctl is-enabled smbVerify result is not `enabled`.Fix:Run the following command to disable `smb`:# systemctl --now disable smb
Parameter:
[yes/no]
Technical Mechanism:
If there is no need to mount directories and file systems to Windows systems, then smb service can be disabled to reduce the potential attack surface. Run the following command to disable `smb`: # systemctl --now disable smb
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 6.6 | Attack Vector: NETWORK |
| Exploit Score: 0.7 | Attack Complexity: HIGH |
| Impact Score: 5.9 | Privileges Required: HIGH |
| Severity: MEDIUM | User Interaction: NONE |
| Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| | Confidentiality: HIGH |
| | Integrity: HIGH |
| | Availability: HIGH |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:86916 |
