File: rule.yml

package info
scap-security-guide 0.1.76-1
  • area: main
  • in suites: trixie
  • size: 110,644 kB
  • sloc: xml: 241,883; sh: 73,777; python: 32,527; makefile: 27
file content (45 lines) | stat: -rw-r--r-- 2,013 bytes
documentation_complete: true


title: 'Enable the LDAP Client For Use in Authconfig'

description: |-
    To determine if LDAP is being used for authentication, use the following
    command:
    <pre>$ sudo grep -i useldapauth /etc/sysconfig/authconfig</pre>
    <br /><br />
    If <tt>USELDAPAUTH=yes</tt>, then LDAP is being used. If not, set <tt>USELDAPAUTH</tt>
    to <tt>yes</tt>.

rationale: |-
    Without cryptographic integrity protections, information can be
    altered by unauthorized users without detection. The ssl directive specifies
    whether to use TLS or not. If not specified it will default to no.
    It should be set to start_tls rather than doing LDAP over SSL.

severity: medium

identifiers:
    cce@rhel8: CCE-82418-5
    cce@rhel10: CCE-88294-4

references:
    cis-csc: 11,12,14,15,3,8,9
    cobit5: APO13.01,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.04,DSS05.02,DSS05.03,DSS05.05,DSS06.06
    disa: CCI-001453
    isa-62443-2009: 4.3.3.5.1,4.3.3.5.2,4.3.3.5.3,4.3.3.5.4,4.3.3.5.5,4.3.3.5.6,4.3.3.5.7,4.3.3.5.8,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.1,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4,4.3.4.3.2,4.3.4.3.3
    isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.11,SR 1.12,SR 1.13,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.6,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 2.2,SR 2.3,SR 2.4,SR 2.5,SR 2.6,SR 2.7,SR 3.1,SR 3.5,SR 3.8,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 7.1,SR 7.6'
    ism: 0418,1055,1402
    iso27001-2013: A.11.2.6,A.12.1.2,A.12.5.1,A.12.6.2,A.13.1.1,A.13.2.1,A.14.1.3,A.14.2.2,A.14.2.3,A.14.2.4,A.6.2.1,A.6.2.2,A.9.1.2
    nist: AC-17(a),CM-6(a)
    nist-csf: PR.AC-3,PR.IP-1,PR.PT-3,PR.PT-4
    srg: SRG-OS-000250-GPOS-00093

ocil_clause: 'USELDAPAUTH=yes is not configured correctly in /etc/sysconfig/authconfig'

ocil: |-
    To determine if LDAP is being used for authentication, use the following
    command:
    <pre>$ sudo grep -i useldapauth /etc/sysconfig/authconfig</pre>
    The output should return:
    <pre>USELDAPAUTH=yes</pre>