{"description": "To require samba clients running <tt>smbclient</tt> to use\npacket signing, add the following to the <tt>[global]</tt> section\nof the Samba configuration file, <tt>/etc/samba/smb.conf</tt>:\n<pre>client signing = mandatory</pre>\nRequiring samba clients such as <tt>smbclient</tt> to use packet\nsigning ensures they can\nonly communicate with servers that support packet signing.", "rationale": "Packet signing can prevent\nman-in-the-middle attacks which modify SMB packets in\ntransit.", "severity": "unknown", "references": {}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "it is not", "ocil": "To verify that Samba clients running smbclient must use packet signing, run the following command:\n<pre>$ grep signing /etc/samba/smb.conf</pre>\nThe output should show:\n<pre>client signing = mandatory</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Require Client SMB Packet Signing, if using smbclient", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/rule.yml", "template": null}