From Red Hat Enterprise Linux 7 Security Technical Implementation Guide
Part of SRG-OS-000104-GPOS-00051
Associated with: CCI-000766
To assure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system.
Verify the operating system requires multifactor authentication to uniquely identify organizational users using multifactor authentication. Check to see if smartcard authentication is enforced on the system: # authconfig --test | grep -i smartcard The entry for use only smartcard for logon may be enabled, and the smartcard module and smartcard removal actions must not be blank. If smartcard authentication is disabled or the smartcard and smartcard removal actions are blank, this is a finding.
Configure the operating system to require individuals to be authenticated with a multifactor authenticator. Enable smartcard logons with the following commands: # authconfig --enablesmartcard --smartcardaction=1 --update # authconfig --enablerequiresmartcard -update Modify the "/etc/pam_pkcs11/pkcs11_eventmgr.conf" file to uncomment the following line: #/usr/X11R6/bin/xscreensaver-command -lock Modify the "/etc/pam_pkcs11/pam_pkcs11.conf" file to use the cackey module if required.
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer