Ensure system-auth and password-auth files are symbolic links pointing to system-auth-local and password-auth-local

An XCCDF Rule

Description

Red Hat Enterprise Linux 7 must be configured to prevent overwriting of custom authentication configuration settings by the authconfig utility. This can be avoided by creating new local configuration files and creating new or moving existing symbolic links to them. The authconfig utility will recognize the local configuration files and not overwrite them, while writing its own settings to the original configuration files.

warning alert: Warning

This rule doesn't come with a remediation. PAM files are very sensible to ordering and custom PAM files make it nearly impossible to design an automated remediation that is safe to use for all cases.

Rationale

When using the authconfig utility to modify authentication configuration settings, the "system-auth" and "password-auth" files and any custom settings that they may contain are overwritten.

ID: xccdf_org.ssgproject.content_rule_authconfig_config_files_symlinks
Severity: Medium
References: CCI-000196

SRG-OS-000073-GPOS-00041

RHEL-07-010199

SV-255928r917838_rule

CCE-86062-7
Updated: about 1 year ago