Check: AIX7-00-001104
IBM AIX 7.x STIG:
AIX7-00-001104
(in versions v3 r1 through v1 r1)
Title
If LDAP authentication is required on AIX, SSL must be used between LDAP clients and the LDAP servers to protect the integrity of remote access sessions. (Cat II impact)
Discussion
If LDAP authentication is used, SSL must be used between LDAP clients and the LDAP servers to protect the integrity of remote access sessions.
Check Content
Run the following command to check if ldap_auth is used: # grep -iE "^authtype:[[:blank:]]*ldap_auth" /etc/security/ldap/ldap.cfg If the command has no output, this is Not Applicable. Run the following command to check if SSL is used: # grep -iE "^useSSL:[[:blank:]]*yes" /etc/security/ldap/ldap.cfg useSSL:yes If the command has no output, this is a finding.
Fix Text
Configure the LDAP client on AIX to use the SSL. Edit /etc/security/ldap/ldap.cfg to have the following line: useSSL:yes Restart the client daemon: # secldapclntd.
Additional Identifiers
Rule ID: SV-215214r991554_rule
Vulnerability ID: V-215214
Group Title: SRG-OS-000250-GPOS-00093
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001453 |
Implement cryptographic mechanisms to protect the integrity of remote access sessions. |
Controls
Number | Title |
---|---|
AC-17(2) |
Protection of Confidentiality / Integrity Using Encryption |