Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-235006 | SLES-15-040220 | SV-235006r622137_rule | Medium |
Description |
---|
The "pam-config" command line utility automatically generates a system PAM configuration as packages are installed, updated, or removed from the system. "pam-config" removes configurations for PAM modules and parameters that it does not know about. It may render ineffective PAM configuration by the system administrator and thus impact system security. |
STIG | Date |
---|---|
SUSE Linux Enterprise Server 15 Security Technical Implementation Guide | 2022-09-07 |
Check Text ( C-38194r619287_chk ) |
---|
Verify the SUSE operating system is configured to not overwrite PAM configuration on package changes. Check that soft links between PAM configuration files are removed with the following command: > find /etc/pam.d/ -type l -iname "common-*" If any results are returned, this is a finding. |
Fix Text (F-38157r619288_fix) |
---|
Copy the PAM configuration files to their static locations and remove the SUSE operating system soft links for the PAM configuration files with the following command: > sudo sh -c 'for X in /etc/pam.d/common-*-pc; do cp -ivp --remove-destination $X ${X:0:-3}; done' Additional information on the configuration of multifactor authentication on the SUSE operating system can be found at https://www.suse.com/communities/blog/configuring-smart-card-authentication-suse-linux-enterprise/. |