UCF STIG Viewer Logo

For systems using NSS LDAP, the TLS certificate file must be owned by root.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22567 GEN008220 SV-37965r1_rule ECLP-1 Medium
Description
The NSS LDAP service provides user mappings which are a vital component of system security. Its configuration must be protected from unauthorized modification.
STIG Date
Red Hat Enterprise Linux 5 Security Technical Implementation Guide 2017-03-01

Details

Check Text ( C-37263r1_chk )
Determine the certificate file.
# grep -i '^tls_cert' /etc/ldap.conf
Check the ownership.
# ls -lL
If the owner of the file is not root, this is a finding.

Fix Text (F-32470r1_fix)
Change the ownership of the file.
# chown root