Skip to content

IDMS must reveal security-related messages only to authorized users.

An XCCDF Rule

Description

<VulnDiscussion>Error messages issued to non-privileged users may have contents that should be considered confidential. IDMS should be configured so that these messages are not issued to those users.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-251626r807745_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

In the source for RHDCOPTF, add lines: 

         #DEFOPT OPT00051              <-for messages sent to user
         #DEFOPT OPT00226              <-for messages sent to IDMS log

Then, reassemble and relink RHDCOPTF. Reload RHDCOPTF in the CV by issuing the following commands: