Check: AZLX-23-001130
Amazon Linux 2023 STIG:
AZLX-23-001130
(in version v1 r1)
Title
Amazon Linux 2023 must have the openssl-pkcs11 package installed. (Cat II impact)
Discussion
Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased. Multifactor authentication requires using two or more factors to achieve authentication. A privileged account is defined as an information system account with authorizations of a privileged user. The DOD Common Access Card (CAC) with DOD-approved PKI is an example of multifactor authentication. Satisfies: SRG-OS-000375-GPOS-00160, SRG-OS-000376-GPOS-00161, SRG-OS-000377-GPOS-00162
Check Content
Verify Amazon Linux 2023 has the openssl-pkcs11 package installed with the following command: $ dnf list --installed openssl-pkcs11 Installed Packages openssl-pkcs11.x86_64 0.4.12-3.amzn2023.0.1 @System If the "openssl-pkcs11" package is not installed, this is a finding.
Fix Text
Configure Amazon Linux 2023 to have the openssl-pkcs11 package installed with the following command: $ sudo dnf install -y openssl-pkcs11
Additional Identifiers
Rule ID: SV-274037r1120099_rule
Vulnerability ID: V-274037
Group Title: SRG-OS-000375-GPOS-00160
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001953 |
Accept Personal Identity Verification-compliant credentials. |
| CCI-001954 |
Electronically verify Personal Identity Verification-compliant credentials. |
| CCI-004046 |
Implement multi-factor authentication for local; network; and/or remote access to privileged accounts; and/or non-privileged accounts such that one of the factors is provided by a device separate from the system gaining access. |