Finding ID | Version | Rule ID | IA Controls | Severity
---|---|---|---|---
V-22557 | GEN008020 | SV-38381r1_rule | DCNR-1 | Medium
Description
---
The NSS LDAP service provides user mappings, which are a vital component of system security. Communication between an LDAP server and a host using LDAP for NSS requires authentication.
STIG | Date
---|---
HP-UX 11.23 Security Technical Implementation Guide | 2015-06-12
Check Text (C-36762r1_chk)
---
Determine if the system uses LDAP. If it does not, this is not applicable.

    # swlist | grep LDAP

OR

    # cat /etc/nsswitch.conf | tr '\011' ' ' | tr -s ' ' | sed -e 's/^[ \t]*//' | grep -v "^#" | grep -i ldap

If no lines are returned for either of the above commands, LDAP is not installed and this is not applicable.

If the LDAP product is installed:

    # cat /etc/opt/ldapux/ldapux_client.conf | tr '\011' ' ' | tr -s ' ' | sed -e 's/^[ \t]*//' | grep -v "^#" | grep -i peer_cert_policy

If the /etc/opt/ldapux/ldapux_client.conf setting is peer_cert_policy=WEAK, this is a finding.
Fix Text (F-32145r1_fix)
---
Edit /etc/opt/ldapux/ldapux_client.conf and set:

    # Perform the CERT check
    peer_cert_policy=CERT

OR

    # Perform the CERT check PLUS
    peer_cert_policy=CNCERT
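The check and fix above, automated in POSIX sh as an added example (not part of the STIG text): it normalises the file the same way the STIG pipeline does and classifies the peer_cert_policy value. The config-path argument, the last-occurrence-wins rule, the "review" status for a missing key and the constructed sample files are assumptions of this example.

```shell
#!/bin/sh
# Automated GEN008020 check (added example, not STIG text).
# Assumption: the config path is passed as the first argument, and the file
# is normalised exactly as the STIG pipeline does (tabs to spaces, squeeze
# blanks, strip leading blanks, drop comment lines) before it is inspected.

# Print the effective peer_cert_policy value in upper case, or nothing if the
# key is not set. Assumption not stated by the STIG: when the key appears more
# than once, the last uncommented occurrence is the one in effect.
get_peer_cert_policy() {
    tr '\011' ' ' < "$1" | tr -s ' ' | sed -e 's/^ *//' | grep -v '^#' \
        | grep -i '^peer_cert_policy' | tail -n 1 \
        | sed -e 's/^[^=]*= *//' -e 's/ *$//' | tr '[:lower:]' '[:upper:]'
}

# Exit status: 0 = compliant (CERT or CNCERT), 1 = finding (WEAK),
# 2 = needs manual review (key missing or unexpected value; the STIG text
# only calls out WEAK, so status 2 is a conservative addition here).
check_peer_cert_policy() {
    value=$(get_peer_cert_policy "$1")
    case "$value" in
        WEAK)        echo "FINDING: $1 sets peer_cert_policy=WEAK"; return 1 ;;
        CERT|CNCERT) echo "PASS: $1 sets peer_cert_policy=$value"; return 0 ;;
        "")          echo "REVIEW: $1 does not set peer_cert_policy"; return 2 ;;
        *)           echo "REVIEW: $1 sets unexpected peer_cert_policy=$value"; return 2 ;;
    esac
}

# Constructed sample files (not real ldapux configs) so the check runs offline:
# a tab-indented WEAK setting behind a commented-out CERT line, and a fixed
# file with a commented-out WEAK line and a spaced, lower-case CNCERT setting.
sample_weak=$(mktemp)
printf '# peer_cert_policy=CERT\n\tpeer_cert_policy=WEAK\n' > "$sample_weak"
sample_fixed=$(mktemp)
printf '# peer_cert_policy=WEAK\n# Perform the CERT check PLUS\n  peer_cert_policy = cncert  \n' > "$sample_fixed"

check_peer_cert_policy "$sample_weak"  || echo "  -> exit status $? (finding)"
check_peer_cert_policy "$sample_fixed" || echo "  -> exit status $?"
```

Run it against the real file with `check_peer_cert_policy /etc/opt/ldapux/ldapux_client.conf` once LDAP has been confirmed in use via the swlist or nsswitch.conf check.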