STIGQter: STIG Summary: SLES 12 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The SUSE operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM).

DISA Rule

SV-217301r603262_rule

Vulnerability Number

V-217301

Group Title

SRG-OS-000068-GPOS-00036

Rule Version

SLES-12-030520

Severity

CAT II

CCI(s)

• CCI-000765 - The information system implements multifactor authentication for network access to privileged accounts.
• CCI-000766 - The information system implements multifactor authentication for network access to non-privileged accounts.
• CCI-000767 - The information system implements multifactor authentication for local access to privileged accounts.
• CCI-000768 - The information system implements multifactor authentication for local access to non-privileged accounts.
• CCI-000187 - The information system, for PKI-based authentication, maps the authenticated identity to the account of the individual or group.
• CCI-001948 - The information system implements multifactor authentication for remote access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access.
• CCI-001953 - The information system accepts Personal Identity Verification (PIV) credentials.
• CCI-001954 - The information system electronically verifies Personal Identity Verification (PIV) credentials.

Weight

10

Fix Recommendation

Configure the SUSE operating system to implement multifactor authentication for remote access to privileged accounts via PAM.

Add or update "pam_pkcs11.so" in "/etc/pam.d/common-auth" to match the following line:

auth sufficient pam_pkcs11.so

Check Contents

Verify the SUSE operating system implements multifactor authentication for remote access to privileged accounts via pluggable authentication modules (PAM).

Check that the "pam_pkcs11.so" option is configured in the "/etc/pam.d/common-auth" file with the following command:

# grep pam_pkcs11.so /etc/pam.d/common-auth

auth sufficient pam_pkcs11.so

If "pam_pkcs11.so" is not set in "/etc/pam.d/common-auth", this is a finding.

Vulnerability Number

V-217301

Documentable

False

Rule Version

SLES-12-030520

Severity Override Guidance

Verify the SUSE operating system implements multifactor authentication for remote access to privileged accounts via pluggable authentication modules (PAM).

Check that the "pam_pkcs11.so" option is configured in the "/etc/pam.d/common-auth" file with the following command:

# grep pam_pkcs11.so /etc/pam.d/common-auth

auth sufficient pam_pkcs11.so

If "pam_pkcs11.so" is not set in "/etc/pam.d/common-auth", this is a finding.

Check Content Reference

M

Target Key

4033

Comments