Detections
Analytics
GEN008020 - The LDAP TLS connection must require a certificate and this certificate has a valid path to a trusted CA - 'Not Applicable'
Information
LDAP can be used to provide user authentication and account information, which are vital to system security. Communication between an LDAP server and a host using LDAP requires authentication.Solution
Create a key database with DoD PKI or DoD-approved certificate.#gsk7cmd
OR
#ikeyman
Edit /etc/security/ldap/ldap.conf and add or edit the ldapsslkeyf setting to reference a file containing a client certificate issued by DoD PKI or a DoD-approved external PKI.
See Also
http://iasecontent.disa.mil/stigs/zip/U_STIG_Library_2015_07.zip
Item Details
Audit Name: DISA AIX 5.3 STIG v1r2
Category: IDENTIFICATION AND AUTHENTICATION
References: 800-53|IA-5(2)(a), CAT|II, CCI|CCI-000185, Rule-ID|SV-38966r1_rule, STIG-ID|GEN008020, Vuln-ID|V-22557
Plugin: Unix
Control ID: ce28c2dfa472971eaa0d37d95372a5cee546bafaf5affcf25057099479ca09f3