Detections
Analytics
OL08-00-010100 - OL 8, for certificate-based authentication, must enforce authorized access to the corresponding private key.
Warning! Audit Deprecated
This audit has been deprecated and will be removed in a future update.
View Next Audit VersionInformation
If an unauthorized user obtains access to a private key without a passcode, that user would have unauthorized access to any system where the associated public key has been installed.NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Create a new private and public key pair that uses a passcode with the following command:$ sudo ssh-keygen -n [passphrase]
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_8_V1R2_STIG.zip
Item Details
Audit Name: DISA Oracle Linux 8 STIG v1r2
References: CAT|II, CCI|CCI-000186, Rule-ID|SV-248532r779162_rule, STIG-ID|OL08-00-010100, Vuln-ID|V-248532
Plugin: Unix
Control ID: 0059ba835b06d36a2b81c61d715f54cbbd4b4d25bca530b3a9f355e50086c969