Detections
Analytics
AZLX-23-001305 - Amazon Linux 2023 must prohibit the use of cached authenticators after one day.
Information
If cached authentication information is out-of-date, the validity of the authentication information may be questionable.Solution
Configure Amazon Linux 2023 SSSD service to prohibit the use of cached authentications after one day.Add or change the following line in "/etc/sssd/sssd.conf" just below the line [pam]:
offline_credentials_expiration = 1
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Amazon_Linux_2023_V1R2_STIG.zip
Item Details
Audit Name: DISA Amazon Linux 2023 STIG v1r2
Category: IDENTIFICATION AND AUTHENTICATION
References: 800-53|IA-5(13), CAT|II, CCI|CCI-002007, Rule-ID|SV-274062r1120174_rule, STIG-ID|AZLX-23-001305, Vuln-ID|V-274062
Plugin: Unix
Control ID: bd9422a175a41d58a12be37e009729fee7b6726d60df838690cd6f6b2aac7005