Detections
Analytics
GEN008100 - If the system is using LDAP the /etc/ldap.conf file must be group-owned by security, bin, sys, or system
Information
LDAP can be used to provide user authentication and account information, which are vital to system security. The LDAP client configuration must be protected from unauthorized modification.Solution
Change the group owner of the /etc/security/ldap/ldap.cfg file to security, bin, sys, or system.Procedure:
# chgrp security /etc/security/ldap/ldap.cfg
See Also
http://iasecontent.disa.mil/stigs/zip/U_STIG_Library_2015_07.zip
Item Details
Audit Name: DISA AIX 5.3 STIG v1r2
Category: CONFIGURATION MANAGEMENT
References: 800-53|CM-6, CAT|II, CCI|CCI-000225, CSCv6|3.1, Rule-ID|SV-38971r1_rule, STIG-ID|GEN008100, Vuln-ID|V-22561
Plugin: Unix
Control ID: 2e9b13d87f84ba35f54e92dc4b308fe4cd4573cbb8840e60802dd9a74c12131a