6.3.6 Remove the pam_ccreds Package

Information

The pam_ccreds module provides the ability for Linux users to locally authenticate using an enterprise identity when the network is unavailable.

Rationale:

While cached credentials provide flexibility in allowing enterprise users to authenticate when not attached to the network, it provides attackers with the ability of compromising those credentials if they've compromised the system.

Solution

Run the following command to remove pam_ccreds:

# yum erase pam_ccreds

Default Value:

OS Default: N/A

See Also

https://workbench.cisecurity.org/files/3096

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-11, CSCv7|2.6

Plugin: Unix

Control ID: 008e412ca5b33d61a48d62e9ce87722f13e0d70ba01447e7cb4a10ab3e11361c