ansible-hardening/doc/metadata/rhel7/RHEL-07-040030.rst
Major Hayden 4bee87be1d Check for ocsp_on in PKCS config [+Docs]
This patch adds a verification for ocsp_on in the PAM PKCS 11
configuration file (if present).

Documentation is included.

Implements: blueprint security-rhel7-stig
Change-Id: I53e6ff4a7cc55e174d4ae2976b1c2118317f4964
2016-12-08 16:20:23 -06:00

---
id: RHEL-07-040030
status: verification only
tag: auth
---
The tasks in the security role examine the ``/etc/pam_pkcs11/pam_pkcs11.conf``
file (if it exists) to ensure that ``ocsp_on`` is included in all three
``cert_policy`` directives. If ``ocsp_on`` is not found three times in the
file, a message is printed in the Ansible output.

This change is only needed on systems which use PKI-based authentication (using
certificates).
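
The following is an added example, not the role's own task code: a per-directive version of the check described above, which inspects each active ``cert_policy`` line instead of counting occurrences of ``ocsp_on`` in the file. The sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample in the style of /etc/pam_pkcs11/pam_pkcs11.conf.
# One cert_policy line is commented out, and one active line lacks ocsp_on.
SAMPLE_CONF = """\
pam_pkcs11 {
  use_mappers = pwent;
  pkcs11_module coolkey {
    module = libcoolkeypk11.so;
    cert_policy = ca, ocsp_on, signature;
  }
  pkcs11_module opensc {
    module = opensc-pkcs11.so;
    # cert_policy = ca, ocsp_on, signature;
    cert_policy = ca, signature;
  }
  pkcs11_module default {
    cert_policy = ca,ocsp_on,signature;
  }
}
"""

# Matches only active directives: a leading '#' prevents the match.
DIRECTIVE = re.compile(r"^\s*cert_policy\s*=\s*([^;#]*)")


def audit_cert_policies(text):
    """Return (line_number, policies, has_ocsp_on) per active cert_policy line."""
    results = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = DIRECTIVE.match(line)
        if not match:
            continue
        policies = [p.strip() for p in match.group(1).split(",") if p.strip()]
        results.append((lineno, policies, "ocsp_on" in policies))
    return results


def missing_ocsp(text):
    """Line numbers of active cert_policy directives without ocsp_on."""
    return [lineno for lineno, _, ok in audit_cert_policies(text) if not ok]


if __name__ == "__main__":
    # The string "ocsp_on" appears three times in the sample, yet one
    # active directive still does not enable OCSP checking.
    print("occurrences of ocsp_on:", SAMPLE_CONF.count("ocsp_on"))
    for lineno in missing_ocsp(SAMPLE_CONF):
        print(f"line {lineno}: cert_policy does not include ocsp_on")
```

In the constructed sample, a plain occurrence count finds ``ocsp_on`` three times because of the commented-out line, while the per-directive check still flags the directive that omits it.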