STIGQter: STIG Summary: Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide, Version: 2, Release: 3, Benchmark Date: 23 Apr 2021

The Ubuntu operating system must map the authenticated identity to the user or group account for PKI-based authentication.

DISA Rule

SV-219316r610963_rule

Vulnerability Number

V-219316

Group Title

SRG-OS-000068-GPOS-00036

Rule Version

UBTU-18-010426

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Install libpam-pkcs11 package on the system.

Set use_mappers=pwent in /etc/pam_pkcs11/pam_pkcs11.conf

If the system is missing an "/etc/pam_pkcs11/" directory and an "/etc/pam_pkcs11/pam_pkcs11.conf", find an example to copy into place and modify accordingly at "/usr/share/doc/libpam-pkcs11/examples/pam_pkcs11.conf.example.gz".

Check Contents

Verify the Ubuntu operating system has the "libpam-pkcs11" package installed by running the following command:

# dpkg -l | grep libpam-pkcs11

If "libpam-pkcs11" is not installed, this is a finding.

Check whether use_mappers is set to pwent in the /etc/pam_pkcs11/pam_pkcs11.conf file:

# grep use_mappers /etc/pam_pkcs11/pam_pkcs11.conf
use_mappers = pwent

If "use_mappers" is not found or is not set to pwent, this is a finding.
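
The check above as script functions, an added example that is not part of the STIG or of STIGQter: it skips commented-out lines, which the plain grep also prints, and uses dpkg-query so that a removed package with leftover config files is not counted as installed. The function names and sample config files are constructed for illustration, and requiring the value to be exactly pwent is a strict reading of the check text.

```shell
#!/bin/sh
# Added example for UBTU-18-010426; function names and sample files are
# constructed for illustration and are not part of the STIG.

# True only when the package is fully installed. "dpkg -l | grep" also
# matches a removed package whose config files remain (state "rc").
pkg_installed() {
    dpkg-query -W -f='${Status}' "$1" 2>/dev/null |
        grep -q '^install ok installed$'
}

# Print the value of every active (uncommented) use_mappers line.
active_mappers() {
    sed -n -e 's/#.*$//' \
        -e 's/^[[:space:]]*use_mappers[[:space:]]*=[[:space:]]*\([^;]*\).*$/\1/p' \
        "$1" 2>/dev/null | sed -e 's/[[:space:]]*$//'
}

# Strict reading of the check text: pass only if at least one active
# use_mappers line exists and every such line is exactly "pwent".
check_use_mappers() {
    vals=$(active_mappers "$1")
    [ -n "$vals" ] || return 1
    [ -z "$(printf '%s\n' "$vals" | grep -vx 'pwent')" ]
}

# Constructed sample configs (not taken from a real system).
make_samples() {
    printf 'pam_pkcs11 {\n  use_mappers = pwent;\n}\n'             > "$1/ok.conf"
    printf 'pam_pkcs11 {\n  # use_mappers = pwent;\n}\n'           > "$1/commented.conf"
    printf 'pam_pkcs11 {\n  use_mappers = digest, cn, pwent;\n}\n' > "$1/list.conf"
}

# Run the check over the constructed samples and report each result.
demo() {
    dir=$(mktemp -d) && make_samples "$dir"
    for f in ok commented list; do
        if check_use_mappers "$dir/$f.conf"; then
            echo "$f.conf: not a finding"
        else
            echo "$f.conf: finding"
        fi
    done
    rm -rf "$dir"
}
demo
```

On a real host, the two checks combine as pkg_installed libpam-pkcs11 followed by check_use_mappers /etc/pam_pkcs11/pam_pkcs11.conf; a non-zero status from either is a finding.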

Documentable

False

Severity Override Guidance

Verify the Ubuntu operating system has the "libpam-pkcs11" package installed by running the following command:

# dpkg -l | grep libpam-pkcs11

If "libpam-pkcs11" is not installed, this is a finding.

Check whether use_mappers is set to pwent in the /etc/pam_pkcs11/pam_pkcs11.conf file:

# grep use_mappers /etc/pam_pkcs11/pam_pkcs11.conf
use_mappers = pwent

If "use_mappers" is not found or is not set to pwent, this is a finding.

Check Content Reference

M

Target Key

4055

Comments