Rule ID
SV-45811r1_rule
Version
V1R12
CCIs
Network analysis tools allow for the capture of network traffic visible to the system.
Determine if any network analysis tools are installed.
Procedure:
# find / -name ethereal
# find / -name wireshark
# find / -name tshark
# find / -name netcat
# find / -name tcpdump
# find / -name snoop
If any network analysis tools are found, this is a finding.
Remove each network analysis tool binary from the system. Remove packaged items with a package manager; for others, remove the binary directly.
Procedure:
Find the binary file:
# find / -name <Item to be removed>
Find the package, if any, to which it belongs:
# rpm -qf <binary file>
Remove the package if it does not also include other software:
# rpm -e <package name>
# SuSEconfig
If the item to be removed is not in a package, or the entire package cannot be removed because of other software it provides, remove the item's binary file.
# rm <binary file>
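The check and the package lookup from the fix can be combined into one audit pass. This is an added example, not part of the rule text; the function names, the pruning of /proc and /sys, and the output format are assumptions.

```shell
#!/bin/sh
# Tool names taken from the check procedure above.
TOOLS="ethereal wireshark tshark netcat tcpdump snoop"

# find_tools ROOT: print every path under ROOT whose name is exactly one of
# the listed tools. /proc and /sys are pruned (assumption: they never hold
# installed binaries and only add noise when ROOT is /).
find_tools() {
    root=${1:-/}
    set --
    for t in $TOOLS; do
        set -- "$@" -o -name "$t"
    done
    shift   # drop the leading -o
    find "$root" \( -path /proc -o -path /sys \) -prune -o \
        \( "$@" \) -print 2>/dev/null
}

# owner_of PATH: print the owning RPM package, or "none" when the file is
# not owned by any package (or rpm is not available on this host).
owner_of() {
    if command -v rpm >/dev/null 2>&1 && pkg=$(rpm -qf "$1" 2>/dev/null); then
        printf '%s\n' "$pkg"
    else
        printf 'none\n'
    fi
}

# audit ROOT: print one FINDING line per hit and return 1 if there is any
# finding, 0 if the tree is clean. Nothing is removed; the package column
# tells the administrator whether "rpm -e" or "rm" is the applicable fix.
audit() {
    hits=$(find_tools "$1") || true   # tolerate unreadable directories
    if [ -z "$hits" ]; then
        printf 'no network analysis tools found\n'
        return 0
    fi
    printf '%s\n' "$hits" | while IFS= read -r p; do
        printf 'FINDING %s package=%s\n' "$p" "$(owner_of "$p")"
    done
    return 1
}
```

Run `audit /` as root after sourcing the file; a non-zero return status means the system has a finding under this rule.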