STIGQter: STIG Summary: Oracle Linux 5 Security Technical Implementation Guide
Version: 1 Release: 13 Benchmark Date: 26 Oct 2018

If the system is using LDAP for authentication or account information, the TLS certificate authority file and/or directory (as appropriate) must be group-owned by root, bin, sys, or system.

DISA Rule

SV-63291r1_rule

Vulnerability Number

V-22564

Group Title

GEN008160

Rule Version

GEN008160

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Change the group ownership of the file or directory.

# chgrp root <certpath>

Check Contents

Determine the certificate authority file and/or directory.

# grep -i '^tls_cacert' /etc/ldap.conf

For each file or directory returned, check the group ownership.

# ls -lLd <certpath>

If the group-owner of any file or directory is not root, bin, sys, or system, this is a finding.
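
The check above can be scripted. The following is an added example, not part of the STIG or of STIGQter: it reads the tls_cacert* directives from the LDAP client configuration and reports each path's group owner against the allowed list. The function names, the LDAP_CONF and ALLOWED_GROUPS variables, the --run switch and the exit-code convention are assumptions of this example, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not STIG text. Assumes GNU stat; names are hypothetical.
LDAP_CONF="${LDAP_CONF:-/etc/ldap.conf}"
ALLOWED_GROUPS="${ALLOWED_GROUPS:-root bin sys system}"

# Print the value of every tls_cacert* directive (same match as the STIG grep).
ca_paths() {
    grep -i '^tls_cacert' "$1" 2>/dev/null |
        sed -e 's/^[^[:space:]]*[[:space:]]*//' -e 's/[[:space:]]*$//'
}

# Succeed if group name $1 is in the allowed list.
group_allowed() {
    for g in $ALLOWED_GROUPS; do
        [ "$1" = "$g" ] && return 0
    done
    return 1
}

# Return 0 = no finding, 1 = finding, 2 = could not be evaluated.
check_gen008160() {
    conf="${1:-$LDAP_CONF}"
    rc=0
    [ -r "$conf" ] || { echo "SKIP: cannot read $conf"; return 2; }
    paths=$(ca_paths "$conf")
    [ -n "$paths" ] || { echo "SKIP: no tls_cacert* directive in $conf"; return 2; }
    while IFS= read -r p; do
        [ -n "$p" ] || continue
        # -L follows symlinks, matching 'ls -lLd' in the check text.
        if ! grp=$(stat -L -c %G -- "$p" 2>/dev/null); then
            echo "UNVERIFIED: $p (cannot stat)"
            [ "$rc" -eq 1 ] || rc=2
        elif group_allowed "$grp"; then
            echo "OK: $p (group $grp)"
        else
            echo "FINDING: $p (group $grp)"
            rc=1
        fi
    done <<EOF
$paths
EOF
    return $rc
}

# Evaluate the live configuration only when invoked with --run.
if [ "${1:-}" = "--run" ]; then check_gen008160; fi
```

A path that cannot be read is reported as UNVERIFIED rather than as a finding, because the check text only defines a finding in terms of the group owner.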

Documentable

False

Severity Override Guidance

Determine the certificate authority file and/or directory.

# grep -i '^tls_cacert' /etc/ldap.conf

For each file or directory returned, check the group ownership.

# ls -lLd <certpath>

If the group-owner of any file or directory is not root, bin, sys, or system, this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

2207

Comments