Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
If the system is using LDAP for authentication or account information, the system must verify the LDAP servers certificate has not been revoked.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22558 | GEN008040 | SV-46285r1_rule | Medium |
| Description |
|---|
| LDAP can be used to provide user authentication and account information, which are vital to system security. Communication between an LDAP server and a host using LDAP requires authentication. |
| STIG | Date |
|---|---|
| SUSE Linux Enterprise Server v11 for System z | 2016-12-20 |
Details
| Check Text ( C-36834r1_chk ) |
|---|
| Check if the system is using NSS LDAP. # grep -v '^#' /etc/nsswitch.conf | grep ldap If no lines are returned, this vulnerability is not applicable. Verify the NSS LDAP client is configured to check certificates against a certificate revocation list. # grep -i '^tls_crlcheck' /etc/ldap.conf If the setting does not exist, or the value is not "all", this is a finding. |
| Fix Text (F-31672r1_fix) |
|---|
| Edit "/etc/ldap.conf" and add or set the "tls_crlcheck" setting to "all". |