SV-227975r603266_rule
V-227975
SRG-OS-000480
GEN008180
CAT II
10
Change the mode of the certificate database files.
# chmod 0644 /var/ldap/cert8.db /var/ldap/key3.db /var/ldap/secmod.db
NOTE: Some SAs may prefer to set the permissions to 0600. This is acceptable.
Check if the system is using NSS LDAP.
# grep -v '^#' /etc/nsswitch.conf | grep ldap
If no lines are returned, this vulnerability is not applicable.
Verify the mode of the certificate database files.
# ls -lL /var/ldap/cert8.db /var/ldap/key3.db /var/ldap/secmod.db
If the mode of any of the files is more permissive than 0644, this is a finding.
V-227975
False
GEN008180
Check if the system is using NSS LDAP.
# grep -v '^#' /etc/nsswitch.conf | grep ldap
If no lines are returned, this vulnerability is not applicable.
Verify the mode of the certificate database files.
# ls -lL /var/ldap/cert8.db /var/ldap/key3.db /var/ldap/secmod.db
If the mode of any of the files is more permissive than 0644, this is a finding.
M
4061