From SLES 12 Security Technical Implementation Guide
Part of SRG-OS-000480-GPOS-00227
Associated with: CCI-000366
"pam-config" is a command line utility that automatically generates a system PAM configuration as packages are installed, updated or removed from the system. "pam-config" removes configurations for PAM modules and parameters that it does not know about. It may render ineffective PAM configuration by the system administrator and thus impact system security.
Verify the SUSE operating system is configured to not overwrite Pluggable Authentication Modules (PAM) configuration on package changes. Check that soft links between PAM configuration files are removed with the following command: # find /etc/pam.d/ -type l -iname "common-*" If any results are returned, this is a finding.
Remove the SUSE operating system soft links for the PAM configuration files with the following command: # find /etc/pam.d/ -type l -iname "common-*" -delete Copy the PAM configuration files to their static locations: # for X in /etc/pam.d/common-*-pc; do cp -ivp $X ${X:0:-3}; done Additional information on the configuration of multifactor authentication on the SUSE operating system can be found at https://www.suse.com/communities/blog/configuring-smart-card-authentication-suse-linux-enterprise/.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer