{"description": "Deactivating wireless network interfaces should prevent normal usage of the wireless\ncapability.\n

\n\nVerify that there are no wireless interfaces configured on the system\nwith the following command:\n
$ ls -L -d /sys/class/net/*/wireless | xargs dirname | xargs basename -a
", "rationale": "The use of wireless networking can introduce many different attack vectors into\nthe organization's network. Common attack vectors such as malicious association\nand ad hoc networks will allow an attacker to spoof a wireless access point\n(AP), allowing validated systems to connect to the malicious AP and enabling the\nattacker to monitor and record network traffic. These malicious APs can also\nserve to create a man-in-the-middle attack or be used to create a denial of\nservice to valid network resources.", "severity": "medium", "references": {"cis-csc": ["11", "12", "14", "15", "3", "8", "9"], "cobit5": ["APO13.01", "BAI10.01", "BAI10.02", "BAI10.03", "BAI10.05", "DSS01.04", "DSS05.02", "DSS05.03", "DSS05.05", "DSS06.06"], "cui": ["3.1.16"], "isa-62443-2009": ["4.3.3.5.1", "4.3.3.5.2", "4.3.3.5.3", "4.3.3.5.4", "4.3.3.5.5", "4.3.3.5.6", "4.3.3.5.7", "4.3.3.5.8", "4.3.3.6.1", "4.3.3.6.2", "4.3.3.6.3", "4.3.3.6.4", "4.3.3.6.5", "4.3.3.6.6", "4.3.3.6.7", "4.3.3.6.8", "4.3.3.6.9", "4.3.3.7.1", "4.3.3.7.2", "4.3.3.7.3", "4.3.3.7.4", "4.3.4.3.2", "4.3.4.3.3"], "isa-62443-2013": ["SR 1.1", "SR 1.10", "SR 1.11", "SR 1.12", "SR 1.13", "SR 1.2", "SR 1.3", "SR 1.4", "SR 1.5", "SR 1.6", "SR 1.7", "SR 1.8", "SR 1.9", "SR 2.1", "SR 2.2", "SR 2.3", "SR 2.4", "SR 2.5", "SR 2.6", "SR 2.7", "SR 3.1", "SR 3.5", "SR 3.8", "SR 4.1", "SR 4.3", "SR 5.1", "SR 5.2", "SR 5.3", "SR 7.1", "SR 7.6"], "iso27001-2013": ["A.11.2.6", "A.12.1.2", "A.12.5.1", "A.12.6.2", "A.13.1.1", "A.13.2.1", "A.14.1.3", "A.14.2.2", "A.14.2.3", "A.14.2.4", "A.6.2.1", "A.6.2.2", "A.9.1.2"], "nist": ["AC-18(a)", "AC-18(3)", "CM-7(a)", "CM-7(b)", "CM-6(a)", "MP-7"], "nist-csf": ["PR.AC-3", "PR.IP-1", "PR.PT-3", "PR.PT-4"], "pcidss": ["Req-1.3.3"], "srg": ["SRG-OS-000299-GPOS-00117", "SRG-OS-000300-GPOS-00118", "SRG-OS-000424-GPOS-00188", "SRG-OS-000481-GPOS-00481"], "cis": ["3.1.2"], "ism": ["1315", "1319"], "pcidss4": ["1.3.3", "1.3"], "stigid": ["UBTU-22-291015"], "stigref": ["SV-260541r958358_rule"]}, "control_references": {"cis": ["3.1.2"], "ism": ["1315", "1319"], "pcidss4": ["1.3.3", "1.3"], "stigid": ["UBTU-22-291015"]}, "components": [], "identifiers": {}, "ocil_clause": "a wireless interface is configured and has not been documented and approved by the Information System Security Officer (ISSO)", "ocil": "Verify that there are no wireless interfaces configured on the system\nwith the following command:\n\n
$ ls -L -d /sys/class/net/*/wireless | xargs dirname | xargs basename -a
\nNote: This requirement is Not Applicable for systems that do not have physical wireless network radios.", "oval_external_content": null, "fixtext": "\nList all the wireless interfaces with the following command:\n
$ ls -L -d /sys/class/net/*/wireless | xargs dirname | xargs basename -a
\nFor each interface, configure the system to disable wireless network\ninterfaces with the following command:\n
$ sudo ifdown interface name
\nFor each interface listed, find their respective module with the\nfollowing command:\n
$ basename $(readlink -f /sys/class/net/interface name/device/driver)
\nwhere interface name must be substituted by the actual interface name.\nCreate a file in the /etc/modprobe.d directory and for each module,\nadd the following line:\n
install module name /bin/true
\nFor each module from the system, execute the following command to\nremove it:\n
$ sudo modprobe -r module name
", "checktext": "", "vuldiscussion": "", "srg_requirement": "Ubuntu 22.04 wireless network adapters must be disabled.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 wireless network adapters must be disabled.", "vuldiscussion": "This requirement applies to wireless peripheral technologies (e.g., wireless mice, keyboards, displays, etc.) used with Ubuntu 22.04 systems. Wireless peripherals (e.g., Wi-Fi/Bluetooth/IR keyboards, mice and pointing devices, and near field communications [NFC]) present a unique challenge by creating an open, unsecured port on a computer. Wireless peripherals must meet DOD requirements for wireless data transmission and be approved for use by the Authorizing Official (AO). Even though some wireless peripherals, such as mice and pointing devices, do not ordinarily carry information that need to be protected, modification of communications with these wireless peripherals may be used to compromise the Ubuntu 22.04 operating system.", "checktext": "Verify there are no wireless interfaces configured on the system with the following command:\n\nNote: This requirement is Not Applicable for systems that do not have physical wireless network radios.\n\n$ nmcli device status\n\nDEVICE TYPE STATE CONNECTION\nvirbr0 bridge connected virbr0\nwlp7s0 wifi connected wifiSSID\nenp6s0 ethernet disconnected --\np2p-dev-wlp7s0 wifi-p2p disconnected --\nlo loopback unmanaged --\nvirbr0-nic tun unmanaged --\n\nIf a wireless interface is configured and has not been documented and approved by the information system security officer (ISSO), this is a finding.", "fixtext": "Configure the system to disable all wireless network interfaces with the following command:\n\n$ nmcli radio all off"}}, "platform": "wifi-iface and not container", "platforms": ["wifi-iface and not container"], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": ["not_container_and_wifi-iface"], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Deactivate Wireless Network Interfaces", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml", "template": null}