Verify that 'use_mappers' is set to 'pwent' in PAM
An XCCDF Rule
Description
The operating system must map the authenticated identity to the user or
group account for PKI-based authentication.
Verify that use_mappers is set to pwent in the /etc/pam_pkcs11/pam_pkcs11.conf file with the following command:
$ grep ^use_mappers /etc/pam_pkcs11/pam_pkcs11.conf
use_mappers = pwent
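The check above, written as a reusable audit function. This is an added example, not part of the rule's own content. It goes beyond the grep by also accepting indented lines and a trailing semicolon, ignoring commented-out lines, and failing when other mappers are listed alongside pwent. The function names, exit codes and sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit use_mappers in a pam_pkcs11.conf-style file.

# Print the value of every active (uncommented) use_mappers line in file $1,
# one per line, with blanks and the trailing ';' or '#' comment removed.
active_mappers() {
    sed -n 's/^[[:space:]]*use_mappers[[:space:]]*=[[:space:]]*\([^;#]*\).*$/\1/p' "$1" |
        tr -d ' \t'
}

# Exit status: 0 = every active line is exactly "pwent",
#              1 = some active line lists other mappers,
#              2 = file unreadable or no active use_mappers line.
check_use_mappers() {
    conf=${1:-/etc/pam_pkcs11/pam_pkcs11.conf}
    if [ ! -r "$conf" ]; then
        echo "FAIL: cannot read $conf"; return 2
    fi
    values=$(active_mappers "$conf")
    if [ -z "$values" ]; then
        echo "FAIL: no active use_mappers line in $conf"; return 2
    fi
    result=0
    for v in $values; do
        if [ "$v" != "pwent" ]; then
            echo "FAIL: use_mappers = $v (expected pwent)"
            result=1
        fi
    done
    if [ "$result" -eq 0 ]; then echo "PASS: use_mappers = pwent in $conf"; fi
    return "$result"
}

# Constructed sample files, not taken from a real system.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'pam_pkcs11 {\n  use_mappers = pwent;\n}\n' > "$tmp/good.conf"
    printf 'pam_pkcs11 {\n  # use_mappers = pwent;\n  use_mappers = digest, cn, pwent;\n}\n' > "$tmp/bad.conf"
    check_use_mappers "$tmp/good.conf" || true
    check_use_mappers "$tmp/bad.conf" || true
    rm -rf "$tmp"
}
demo
```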
Rationale
Without mapping the certificate used to authenticate to the user account, the ability to determine the identity of the individual user or group will not be available for forensic analysis.
- ID: xccdf_org.ssgproject.content_rule_verify_use_mappers
- Severity: Low
- Updated
Remediation - Ansible
- name: Gather the package facts
  package_facts:
    manager: auto
  tags:
  - DISA-STIG-UBTU-20-010006
  - low_complexity
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if dpkg-query --show --showformat='${db:Status-Status}\n' 'kernel' 2>/dev/null | grep -q installed; then
if [ -e "/etc/pam_pkcs11/pam_pkcs11.conf" ] ; then