UCF STIG Viewer Logo

For systems using NSS LDAP, the TLS certificate file must be owned by root.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22567 GEN008220 SV-26954r1_rule ECLP-1 Medium
Description
The NSS LDAP service provides user mappings which are a vital component of system security. Its configuration must be protected from unauthorized modification.
STIG Date
VMware ESX 3 Server 2016-05-13

Details

Check Text ( C-27901r1_chk )
Determine the certificate file.
# grep -i '^tls_cert' /etc/ldap.conf
Check the ownership.
# ls -lL
If the owner of the file is not root, this is a finding.
Fix Text (F-24216r1_fix)
Change the ownership of the file.
# chown root