STIGQter: STIG Summary: SUSE Linux Enterprise Server 15 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: SUSE Linux Enterprise Server 15 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:SV-234817r622137_rule
V-234817
SRG-OS-000066-GPOS-00034
SLES-15-010170
CAT II
10
Configure the SUSE operating system for PKI-based authentication to validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
Modify all of the cert_policy lines in "/etc/pam_pkcs11/pam_pkcs11.conf" to include "ca":
cert_policy = ca,signature,oscp_on;
Note: Additional certificate validation polices are permitted.
Additional information on the configuration of multifactor authentication on the SUSE operating system can be found at https://www.suse.com/communities/blog/configuring-smart-card-authentication-suse-linux-enterprise/.
Verify the SUSE operating system for PKI-based authentication had valid certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
Check that the certification path to an accepted trust anchor for multifactor authentication is implemented with the following command:
> grep cert_policy /etc/pam_pkcs11/pam_pkcs11.conf
cert_policy = ca,oscp_on,signature,crl_auto;
If "cert_policy" is not set to include "ca", this is a finding.
V-234817
False
SLES-15-010170
Verify the SUSE operating system for PKI-based authentication had valid certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
Check that the certification path to an accepted trust anchor for multifactor authentication is implemented with the following command:
> grep cert_policy /etc/pam_pkcs11/pam_pkcs11.conf
cert_policy = ca,oscp_on,signature,crl_auto;
If "cert_policy" is not set to include "ca", this is a finding.
M
5274