STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:SV-219564r603263_rule
V-219564
SRG-OS-000250
OL6-00-000253
CAT II
10
Ensure a copy of the site's CA certificate has been placed in the file "/etc/pki/tls/CA/cacert.pem". Configure LDAP to enforce TLS use and to trust certificates signed by the site's CA. First, edit the file "/etc/pam_ldap.conf", and add or correct either of the following lines:
tls_cacertdir /etc/pki/tls/CA
or
tls_cacertfile /etc/pki/tls/CA/cacert.pem
Then review the LDAP server and ensure TLS has been configured.
If the system does not use LDAP for authentication or account information, this is not applicable.
To ensure TLS is configured with trust certificates, run the following command:
# grep cert /etc/pam_ldap.conf
If there is no output, or the lines are commented out, this is a finding.
V-219564
False
OL6-00-000253
If the system does not use LDAP for authentication or account information, this is not applicable.
To ensure TLS is configured with trust certificates, run the following command:
# grep cert /etc/pam_ldap.conf
If there is no output, or the lines are commented out, this is a finding.
M
2928