The Oracle Linux operating system must be configured to prevent overwriting of custom authentication configuration settings by the authconfig utility.

An XCCDF Rule

Description

When using the authconfig utility to modify authentication configuration settings, the "system-auth" and "password-auth" files and any custom settings that they may contain are overwritten. This can be avoided by creating new local configuration files and creating new or moving existing symbolic links to them. The authconfig utility will recognize the local configuration files and not overwrite them, while writing its own settings to the original configuration files.

ID
SV-255902r1015197_rule
Severity
Medium

Remediation - Manual Procedure

Create custom configuration files and their corresponding symbolic links:

Rename the existing configuration files (skip this step if symbolic links are already present):
     $ sudo mv /etc/pam.d/system-auth /etc/pam.d/system-auth-ac
     $ sudo mv /etc/pam.d/password-auth /etc/pam.d/password-auth-ac
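
An audit check for the end state the description above calls for, as an added example that is not part of the STIG text: it reports whether "system-auth" and "password-auth" are symbolic links to custom files rather than regular files or links to the "-ac" files. The function names and status words are hypothetical, and only the direct link target is inspected.

```shell
#!/bin/sh
# Added example, not part of the STIG text. Function names and status words
# are hypothetical; the "-ac" suffix comes from the rename step on this page.

# check_pam_link DIR NAME
# Prints one status word; returns 0 only when NAME is a symlink to a custom file.
check_pam_link() {
    p_dir=$1
    p_name=$2
    p_path="$p_dir/$p_name"

    if [ ! -e "$p_path" ] && [ ! -L "$p_path" ]; then
        echo "missing"; return 2
    fi
    # A regular file here is what authconfig overwrites directly.
    if [ ! -L "$p_path" ]; then
        echo "regular-file"; return 1
    fi
    # A link to NAME-ac still resolves to the file authconfig rewrites
    # (only the direct target is inspected).
    p_target=$(readlink "$p_path")
    if [ "${p_target##*/}" = "${p_name}-ac" ]; then
        echo "links-to-ac"; return 1
    fi
    # -f follows the link, so this catches a link whose target was removed.
    if [ ! -f "$p_path" ]; then
        echo "dangling-link"; return 1
    fi
    echo "custom-link"; return 0
}

# audit_pam_dir [DIR]
# Checks both files named in the rule; DIR defaults to /etc/pam.d.
audit_pam_dir() {
    a_dir=${1:-/etc/pam.d}
    a_rc=0
    for a_name in system-auth password-auth; do
        a_state=$(check_pam_link "$a_dir" "$a_name") || a_rc=1
        printf '%s/%s: %s\n' "$a_dir" "$a_name" "$a_state"
    done
    return "$a_rc"
}
```

Calling `audit_pam_dir` with no argument inspects /etc/pam.d; a non-zero return means at least one of the two files is still a regular file, a link to its "-ac" file, or a broken link.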