STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021

If LDAP authentication is required on AIX, SSL must be used between LDAP clients and the LDAP servers to protect the integrity of remote access sessions.

DISA Rule

SV-215214r508663_rule

Vulnerability Number

V-215214

Group Title

SRG-OS-000250-GPOS-00093

Rule Version

AIX7-00-001104

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the LDAP client on AIX to use SSL.

Edit /etc/security/ldap/ldap.cfg to have the following line:
useSSL:yes

Restart the client daemon:
# secldapclntd.

Check Contents

Run the following command to check if ldap_auth is used:

# grep -iE "^authtype:[[:blank:]]*ldap_auth" /etc/security/ldap/ldap.cfg

If the command has no output, this is Not Applicable.

Run the following command to check if SSL is used:

# grep -iE "^useSSL:[[:blank:]]*yes" /etc/security/ldap/ldap.cfg
useSSL:yes

If the command has no output, this is a finding.
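
The two checks above, combined into one decision, as an added example that is not part of the STIG text. The function name check_ldap_ssl, the "Not Reviewed" result for an unreadable file, and the sample config files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: evaluates AIX7-00-001104 using the two grep checks from the page.
# check_ldap_ssl is a hypothetical helper name. It prints exactly one of:
#   "Not Applicable", "Finding", "Not a Finding", "Not Reviewed"
check_ldap_ssl() {
    cfg="${1:-/etc/security/ldap/ldap.cfg}"

    # Assumption (not in the STIG text): an unreadable file is reported
    # separately, so a permissions problem is not mistaken for Not Applicable.
    if [ ! -r "$cfg" ]; then
        echo "Not Reviewed"
        return 0
    fi

    # Check 1: the rule applies only when authtype is ldap_auth.
    if ! grep -qiE '^authtype:[[:blank:]]*ldap_auth' "$cfg"; then
        echo "Not Applicable"
        return 0
    fi

    # Check 2: an active useSSL:yes line must exist. The ^ anchor means a
    # commented-out "#useSSL:yes" does not satisfy the check.
    if grep -qiE '^useSSL:[[:blank:]]*yes' "$cfg"; then
        echo "Not a Finding"
    else
        echo "Finding"
    fi
}

# Constructed sample configs (not taken from a real system).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf 'authtype:ldap_auth\nuseSSL:yes\n' > "$demo_dir/ok.cfg"
printf 'authtype:ldap_auth\n#useSSL:yes\nuseSSL:no\n' > "$demo_dir/bad.cfg"
printf 'authtype:unix_auth\nuseSSL:no\n' > "$demo_dir/na.cfg"

for f in ok bad na; do
    printf '%s.cfg: %s\n' "$f" "$(check_ldap_ssl "$demo_dir/$f.cfg")"
done
```
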

Documentable

False

Check Content Reference

M

Target Key

4012