STIGQter: STIG Summary: Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 10 Mar 2021

The Ubuntu operating system must map the authenticated identity to the user or group account for PKI-based authentication.

DISA Rule

SV-238201r653778_rule

Vulnerability Number

V-238201

Group Title

SRG-OS-000068-GPOS-00036

Rule Version

UBTU-20-010006

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Set "use_mappers=pwent" in "/etc/pam_pkcs11/pam_pkcs11.conf" or, if there is already a comma-separated list of mappers, add "pwent" to the list, separated by a comma and placed before the null mapper.

If the system is missing the "/etc/pam_pkcs11/" directory and the "/etc/pam_pkcs11/pam_pkcs11.conf" file, an example to copy into place and modify accordingly is available at "/usr/share/doc/libpam-pkcs11/examples/pam_pkcs11.conf.example.gz".

Check Contents

Verify that "use_mappers" is set to "pwent" in the "/etc/pam_pkcs11/pam_pkcs11.conf" file:

$ grep ^use_mappers /etc/pam_pkcs11/pam_pkcs11.conf
use_mappers = pwent

If "use_mappers" is not found or the list does not contain "pwent", this is a finding.
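
The check and the fix recommendation combined into one scripted test, as an added example that is not part of the STIG text: it reports a finding when "use_mappers" is absent, lacks "pwent", or lists the null mapper ahead of "pwent". The function name check_use_mappers and the sample files are constructed for illustration; accepting an indented setting and a trailing ";" is an assumption about the file layout.

```shell
#!/bin/sh
# Added example: hypothetical helper, not part of the STIG text.
# check_use_mappers FILE -> exit status 0 (compliant) or 1 (finding).
check_use_mappers() {
    [ -r "$1" ] || return 1
    awk '
        # Uncommented setting only; leading whitespace tolerated (assumption).
        /^[ \t]*use_mappers[ \t]*=/ {
            list = $0
            sub(/^[^=]*=/, "", list)      # drop the key and the equals sign
            sub(/[;#].*$/, "", list)      # drop a trailing ";" or comment
            gsub(/[ \t]/, "", list)
            n = split(list, m, ",")
            pwent = 0; nul = 0; seen = 1  # last matching line wins
            for (i = 1; i <= n; i++) {
                if (m[i] == "pwent" && !pwent) pwent = i
                if (m[i] == "null" && !nul) nul = i
            }
        }
        END {
            if (!seen || !pwent) exit 1     # setting missing or no pwent
            if (nul && nul < pwent) exit 1  # null mapper listed before pwent
            exit 0
        }
    ' "$1"
}

# Constructed sample files, written to a temporary directory.
demo_dir=$(mktemp -d)
printf '%s\n' 'pam_pkcs11 {' '  use_mappers = digest, pwent, null;' '}' > "$demo_dir/good.conf"
printf '%s\n' 'use_mappers = null, pwent' > "$demo_dir/null_first.conf"
printf '%s\n' '# use_mappers = pwent' 'use_mappers = cn, mail' > "$demo_dir/no_pwent.conf"

for f in good null_first no_pwent; do
    if check_use_mappers "$demo_dir/$f.conf"; then
        echo "$f.conf: not a finding"
    else
        echo "$f.conf: finding"
    fi
done
rm -rf "$demo_dir"
```

On a real system, call the function with "/etc/pam_pkcs11/pam_pkcs11.conf" and treat a non-zero exit status as the finding.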

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

5318

Comments