The Ubuntu operating system must map the authenticated identity to the user or group account for PKI-based authentication.

An XCCDF Rule

Details
Profiles

Description

Without mapping the certificate used to authenticate to the user account, the ability to determine the identity of the individual user or group will not be available for forensic analysis.

ID: SV-219316r880891_rule
Version: UBTU-18-010426
Severity: High
References: CCI-000187
Updated: 15 days ago

Remediation Templates

Install libpam-pkcs11 package on the system. 

Set use_mappers=pwent in /etc/pam_pkcs11/pam_pkcs11.conf

If the system is missing an "/etc/pam_pkcs11/" directory and an "/etc/pam_pkcs11/pam_pkcs11.conf", find an example to copy into place and modify accordingly at "/usr/share/doc/libpam-pkcs11/examples/pam_pkcs11.conf.example.gz".

The Ubuntu operating system must map the authenticated identity to the user or group account for PKI-based authentication.

Description

Remediation Templates

A Manual Procedure