Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-219316 | UBTU-18-010426 | SV-219316r610963_rule | High |
Description |
---|
Without mapping the certificate used to authenticate to the user account, the ability to determine the identity of the individual user or group will not be available for forensic analysis. |
STIG | Date |
---|---|
Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide | 2021-06-16 |
Check Text ( C-21041r305276_chk ) |
---|
Verify the Ubuntu operating system has the 'libpam-pkcs11’ package installed, by running the following command: # dpkg -l | grep libpam-pkcs11 If "libpam-pkcs11" is not installed, this is a finding. Check if use_mappers is set to pwent in /etc/pam_pkcs11/pam_pkcs11.conf file # grep use_mappers /etc/pam_pkcs11/pam_pkcs11.conf use_mappers = pwent If ‘use_mappers’ is not found or is not set to pwent this is a finding. |
Fix Text (F-21040r305277_fix) |
---|
Install libpam-pkcs11 package on the system. Set use_mappers=pwent in /etc/pam_pkcs11/pam_pkcs11.conf If the system is missing an "/etc/pam_pkcs11/" directory and an "/etc/pam_pkcs11/pam_pkcs11.conf", find an example to copy into place and modify accordingly at "/usr/share/doc/libpam-pkcs11/examples/pam_pkcs11.conf.example.gz". |