Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-22564 | GEN008160 | SV-38387r1_rule | ECLP-1 | Medium |
Description |
---|
LDAP can be used to provide user authentication and account information, which are vital to system security. The LDAP client configuration must be protected from unauthorized modification. |
STIG | Date |
---|---|
HP-UX 11.31 Security Technical Implementation Guide | 2017-05-19 |
Check Text ( C-36771r1_chk ) |
---|
Determine if the system uses LDAP. If it does not, this is not applicable. # swlist | grep LDAP OR # cat /etc/nsswitch.conf | tr '\011' ' ' | tr -s ' ' | sed -e 's/^[ \t]*//' | grep -v "^#" | grep -i ldap If nothing is returned for either of the above commands, this is not applicable. If LDAP is installed, check the group ownership of the LDAP cert file(s). # ls -lLd /etc/opt/ldapux # ls -lLa /etc/opt/ldapux/cert8.db If a certificate file or directory is not group-owned by root, bin, sys or other, this is a finding. |
Fix Text (F-32153r1_fix) |
---|
Change the group ownership of LDAP client certificate directory/files to root, bin, sys, or other. # chgrp root # chgrp root |