{"description": "For each interface on the system (e.g. eth0), edit\n<tt>/etc/sysconfig/network-scripts/ifcfg-<i>interface</i></tt> and make the\nfollowing changes:\n<ul>\n<li> Correct the BOOTPROTO line to read:\n<pre>BOOTPROTO=none</pre>\n</li>\n<li> Add or correct the following lines, substituting the appropriate\nvalues based on your site's addressing scheme:\n<pre>NETMASK=255.255.255.0\nIPADDR=192.168.1.2\nGATEWAY=192.168.1.1</pre>\n</li>\n</ul>", "rationale": "DHCP relies on trusting the local network. If the local network is not trusted,\nthen it should not be used.  However, the automatic configuration provided by\nDHCP is commonly used and the alternative, manual configuration, presents an\nunacceptable burden in many circumstances.", "severity": "unknown", "references": {"cis-csc": ["11", "14", "3", "9"], "cobit5": ["BAI10.01", "BAI10.02", "BAI10.03", "BAI10.05", "DSS05.02", "DSS05.05", "DSS06.06"], "isa-62443-2009": ["4.3.3.5.1", "4.3.3.5.2", "4.3.3.5.3", "4.3.3.5.4", "4.3.3.5.5", "4.3.3.5.6", "4.3.3.5.7", "4.3.3.5.8", "4.3.3.6.1", "4.3.3.6.2", "4.3.3.6.3", "4.3.3.6.4", "4.3.3.6.5", "4.3.3.6.6", "4.3.3.6.7", "4.3.3.6.8", "4.3.3.6.9", "4.3.3.7.1", "4.3.3.7.2", "4.3.3.7.3", "4.3.3.7.4", "4.3.4.3.2", "4.3.4.3.3"], "isa-62443-2013": ["SR 1.1", "SR 1.10", "SR 1.11", "SR 1.12", "SR 1.13", "SR 1.2", "SR 1.3", "SR 1.4", "SR 1.5", "SR 1.6", "SR 1.7", "SR 1.8", "SR 1.9", "SR 2.1", "SR 2.2", "SR 2.3", "SR 2.4", "SR 2.5", "SR 2.6", "SR 2.7", "SR 7.6"], "iso27001-2013": ["A.12.1.2", "A.12.5.1", "A.12.6.2", "A.14.2.2", "A.14.2.3", "A.14.2.4", "A.9.1.2"], "nist": ["CM-6(a)"], "nist-csf": ["PR.IP-1", "PR.PT-3"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "it does not", "ocil": "To verify that DHCP is not being used, examine the following file for each interface:\n<pre># /etc/sysconfig/network-scripts/ifcfg-<i>interface</i></pre>\nLook for the following:\n<pre>BOOTPROTO=none</pre>\nand the following, substituting the appropriate values based on your site's addressing scheme:\n<pre>NETMASK=255.255.255.0\nIPADDR=192.168.1.2\nGATEWAY=192.168.1.1</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Disable DHCP Client in ifcfg", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/dhcp/disabling_dhcp_client/sysconfig_networking_bootproto_ifcfg/rule.yml", "template": null}