GEN007980 - If using LDAP for auth or account information, must use a TLS connection using FIPS 140-2 approved algorithms - 'tls_ciphers'

Information

LDAP can be used to provide user authentication and account information, which are vital to system security. Communication between an LDAP server and a host using LDAP requires protection.

Solution

Edit '/etc/ldap.conf' and add the 'ssl start_tls' and 'tls_ciphers' options, listing only FIPS 140-2 approved ciphers in 'tls_ciphers'.
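
One way to check a host for the two settings above, as an added example (not part of the STIG or of this audit's own content). The function names and the cipher denylist are assumptions: the denylist holds OpenSSL name patterns assumed not to be FIPS 140-2 approved, and it is not the STIG's list.

```shell
#!/bin/sh
# Added example, not from the STIG: audit an ldap.conf-style file for the
# 'ssl start_tls' and 'tls_ciphers' settings.

# last_value KEY FILE: print the value of the last uncommented "KEY value" line.
last_value() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { print val }
    ' "$2"
}

# check_ldap_tls FILE: print one FAIL line per finding; return 0 only if clean.
check_ldap_tls() {
    conf="$1"
    rc=0
    ssl=$(last_value ssl "$conf")
    ciphers=$(last_value tls_ciphers "$conf")
    if [ "$ssl" != "start_tls" ]; then
        echo "FAIL: ssl is '${ssl:-unset}', expected start_tls"
        rc=1
    fi
    if [ -z "$ciphers" ]; then
        echo "FAIL: tls_ciphers is not set"
        rc=1
    fi
    # tls_ciphers is an OpenSSL cipher string: entries separated by ':' or ','.
    for tok in $(printf '%s' "$ciphers" | tr ':,' '  '); do
        case "$tok" in
            '!'*|-*) continue ;;  # exclusions remove ciphers; nothing to flag
        esac
        tok=${tok#+}
        # Assumed denylist: name patterns for algorithms that are not FIPS 140-2
        # approved, plus broad aliases that would pull such ciphers in.
        case "$tok" in
            ALL|DEFAULT|LOW|MEDIUM|EXP*|ADH-*|AECDH-*|*NULL*|*RC4*|*RC2*|*MD5*|\
            *DES-CBC-*|*IDEA*|*SEED*|*CAMELLIA*)
                echo "FAIL: tls_ciphers entry '$tok' is not FIPS 140-2 approved"
                rc=1 ;;
        esac
    done
    return "$rc"
}

# Usage: sh check_ldap_tls.sh /etc/ldap.conf
if [ "$#" -gt 0 ]; then check_ldap_tls "$1"; fi
```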

See Also

http://iasecontent.disa.mil/stigs/zip/U_RedHat_5_V1R18_STIG.zip