STIGQter: STIG Summary: VMware ESX 3 Server, Version: 1, Release: 2, Benchmark Date: 22 Jul 2016

If the system is using LDAP for authentication or account information, the TLS certificate authority file and/or directory (as appropriate) must have mode 0644 (0755 for directories) or less permissive.

DISA Rule

SV-26952r1_rule

Vulnerability Number

V-22565

Group Title

GEN008180

Rule Version

GEN008180

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Change the mode of the file or directory.

File Procedure:
# chmod 0644 <certpath>

Directory Procedure:
# chmod 0755 <certpath>

Check Contents

Determine the certificate authority file and/or directory.

Procedure:
# grep -i '^tls_cacert' /etc/ldap.conf
For each file or directory returned, check the permissions.

Procedure:
# ls -lLd <certpath>

If the mode of the file is more permissive than 0644 (or 0755 for directories), this is a finding.
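
The check above can be scripted so that "more permissive than" is decided bit by bit instead of by reading `ls` output. This is an added example, not part of the STIG text; the function names `exceeds`, `audit_tls_cacert` and `demo` are hypothetical, GNU `stat` is assumed, and the demo paths are constructed.

```shell
#!/bin/sh
# Added example (not STIG or VMware code). Assumes GNU stat; -L follows
# symlinks the same way `ls -lLd` does in the manual check.

# exceeds MODE MAX: true if MODE sets any bit that MAX does not. A bitwise
# test is needed because 0470 is numerically below 0644 yet grants group
# write. Counting setuid/setgid/sticky bits too is this example's choice.
exceeds() {
    [ $(( 0$1 & ~0$2 & 07777 )) -ne 0 ]
}

# audit_tls_cacert CONF: one result line per tls_cacert* entry in CONF;
# exit status is non-zero unless every listed path is confirmed compliant.
audit_tls_cacert() (
    rc=0
    lines=$(grep -i '^tls_cacert' "$1" || true)
    while read -r key path _; do
        [ -n "$path" ] || continue
        if [ -d "$path" ]; then max=755; else max=644; fi
        if ! mode=$(stat -L -c '%a' "$path" 2>/dev/null); then
            echo "MISSING $key $path"; rc=1   # cannot stat: review by hand
        elif exceeds "$mode" "$max"; then
            echo "FINDING $key $path mode=$mode max=$max"; rc=1
        else
            echo "OK $key $path mode=$mode"
        fi
    done <<EOF
$lines
EOF
    [ "$rc" -eq 0 ]
)

# demo: constructed sample tree, a group-writable CA file and a 0755 CA directory.
demo() (
    d=$(mktemp -d) || exit 2
    mkdir "$d/certs" && chmod 0755 "$d/certs"
    : > "$d/ca.pem" && chmod 0664 "$d/ca.pem"
    printf 'TLS_CACERTFILE %s\ntls_cacertdir %s\n' "$d/ca.pem" "$d/certs" > "$d/ldap.conf"
    audit_tls_cacert "$d/ldap.conf" && rc=0 || rc=1
    rm -rf "$d"
    exit "$rc"
)

# Audit the file named on the command line, or run the constructed demo
# (which is expected to report one finding).
if [ "$#" -gt 0 ]; then audit_tls_cacert "$1"; else demo || :; fi
```

Run it as `sh script.sh /etc/ldap.conf`; a `FINDING` line corresponds to the finding condition stated above, and a `MISSING` line means the configured path could not be examined.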

Vulnerability Number

V-22565

Documentable

False

Rule Version

GEN008180

Severity Override Guidance


Check Content Reference

M

Responsibility

System Administrator

Target Key

1386

Comments