STIGQter: STIG Summary: SUSE Linux Enterprise Server 15 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:

The SUSE operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM).

DISA Rule

SV-234869r622137_rule

Vulnerability Number

V-234869

Group Title

SRG-OS-000068-GPOS-00036

Rule Version

SLES-15-020030

Severity

CAT II

CCI(s)

• CCI-000187 - The information system, for PKI-based authentication, maps the authenticated identity to the account of the individual or group.
• CCI-001954 - The information system electronically verifies Personal Identity Verification (PIV) credentials.
• CCI-001948 - The information system implements multifactor authentication for remote access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access.
• CCI-001953 - The information system accepts Personal Identity Verification (PIV) credentials.
• CCI-000765 - The information system implements multifactor authentication for network access to privileged accounts.
• CCI-000766 - The information system implements multifactor authentication for network access to non-privileged accounts.
• CCI-000767 - The information system implements multifactor authentication for local access to privileged accounts.
• CCI-000768 - The information system implements multifactor authentication for local access to non-privileged accounts.

Weight

10

Fix Recommendation

Configure the SUSE operating system to implement multifactor authentication for remote access to privileged accounts via PAM.

Add or update "pam_pkcs11.so" in "/etc/pam.d/common-auth" to match the following line:

auth sufficient pam_pkcs11.so

Check Contents

Verify the SUSE operating system implements multifactor authentication for remote access to privileged accounts via PAM.

Check that the "pam_pkcs11.so" option is configured in the "/etc/pam.d/common-auth" file with the following command:

> grep pam_pkcs11.so /etc/pam.d/common-auth

auth sufficient pam_pkcs11.so

If "pam_pkcs11.so" is not set in "/etc/pam.d/common-auth", this is a finding.

Vulnerability Number

V-234869

Documentable

False

Rule Version

SLES-15-020030

Severity Override Guidance

Verify the SUSE operating system implements multifactor authentication for remote access to privileged accounts via PAM.

Check that the "pam_pkcs11.so" option is configured in the "/etc/pam.d/common-auth" file with the following command:

> grep pam_pkcs11.so /etc/pam.d/common-auth

auth sufficient pam_pkcs11.so

If "pam_pkcs11.so" is not set in "/etc/pam.d/common-auth", this is a finding.

Check Content Reference

M

Target Key

5274

Comments