STIGQter: STIG Summary: SLES 12 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The SUSE operating system must not have network interfaces in promiscuous mode unless approved and documented.

DISA Rule

SV-217297r603262_rule

Vulnerability Number

V-217297

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

SLES-12-030440

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Configure the SUSE operating system network interfaces to turn off promiscuous mode unless approved by the ISSO and documented.

Set the promiscuous mode of an interface to off with the following command:

# ip link set dev <devicename> promisc off

Check Contents

Verify the SUSE operating system network interfaces are not in promiscuous mode unless approved by the ISSO and documented.

Check for the status with the following command:

# ip link | grep -i promisc

If network interfaces are found on the system in promiscuous mode and their use has not been approved by the ISSO and documented, this is a finding.

Vulnerability Number

V-217297

Documentable

False

Rule Version

SLES-12-030440

Severity Override Guidance

Verify the SUSE operating system network interfaces are not in promiscuous mode unless approved by the ISSO and documented.

Check for the status with the following command:

# ip link | grep -i promisc

If network interfaces are found on the system in promiscuous mode and their use has not been approved by the ISSO and documented, this is a finding.

Check Content Reference

M

Target Key

4033

Comments