Policy : Linux: Read password configuration files (KB)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.150130

Kategorie: Policy

Titel: Linux: Read password configuration files (KB)

Zusammenfassung: When a PAM aware privilege granting application is started, it;activates its attachment to the PAM-API. This activation performs a number of tasks, the most;important being the reading of the configuration file(s): /etc/pam.conf. Alternatively, this may be;the contents of the /etc/pam.d/ directory. The presence of this directory will cause Linux-PAM to;ignore /etc/pam.conf.;;These files list the PAMs that will do the authentication tasks required by this service, and the;appropriate behavior of the PAM-API in the event that individual PAMs fail.;; - account: this module type performs non-authentication based account management. It is typically;used to restrict/permit access to a service based on the time of day, currently available system;resources (maximum number of users) or perhaps the location of the applicant user -- 'root' login;only on the console.;; - auth: this module type provides two aspects of authenticating the user. Firstly, it establishes;that the user is who they claim to be, by instructing the application to prompt the user for a;password or other means of identification. Secondly, the module can grant group membership or other;rivileges through its credential granting properties.;; - password: this module type is required for updating the authentication token associated with the;user. Typically, there is one module for each 'challenge/response' based authentication (auth) type.;; - pwhistory: this module saves the last passwords for each user in order to force password change;history and keep the user from alternating between the same password too frequently.;; - unix: this is the standard Unix authentication module. It uses standard calls from the system's;libraries to retrieve and set account information as well as authentication. Usually this is obtained;from the /etc/passwd and the /etc/shadow file as well if shadow is enabled.;;Note: This script read files /etc/pam.d/common-auth, /etc/pam.d/password-auth, /etc/pam.d/system-auth,;/etc/pam.d/common-password, /etc/pam.d/su and /etc/security/pwquality.conf and only stores information;for other Policy Controls.

Beschreibung: Summary:
When a PAM aware privilege granting application is started, it
activates its attachment to the PAM-API. This activation performs a number of tasks, the most
important being the reading of the configuration file(s): /etc/pam.conf. Alternatively, this may be
the contents of the /etc/pam.d/ directory. The presence of this directory will cause Linux-PAM to
ignore /etc/pam.conf.

These files list the PAMs that will do the authentication tasks required by this service, and the
appropriate behavior of the PAM-API in the event that individual PAMs fail.

- account: this module type performs non-authentication based account management. It is typically
used to restrict/permit access to a service based on the time of day, currently available system
resources (maximum number of users) or perhaps the location of the applicant user -- 'root' login
only on the console.

- auth: this module type provides two aspects of authenticating the user. Firstly, it establishes
that the user is who they claim to be, by instructing the application to prompt the user for a
password or other means of identification. Secondly, the module can grant group membership or other
rivileges through its credential granting properties.

- password: this module type is required for updating the authentication token associated with the
user. Typically, there is one module for each 'challenge/response' based authentication (auth) type.

- pwhistory: this module saves the last passwords for each user in order to force password change
history and keep the user from alternating between the same password too frequently.

- unix: this is the standard Unix authentication module. It uses standard calls from the system's
libraries to retrieve and set account information as well as authentication. Usually this is obtained
from the /etc/passwd and the /etc/shadow file as well if shadow is enabled.

Note: This script read files /etc/pam.d/common-auth, /etc/pam.d/password-auth, /etc/pam.d/system-auth,
/etc/pam.d/common-password, /etc/pam.d/su and /etc/security/pwquality.conf and only stores information
for other Policy Controls.

CVSS Score:
0.0

CVSS Vector:
AV:L/AC:H/Au:S/C:N/I:N/A:N

Copyright Copyright (C) 2020 Greenbone Networks GmbH

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.150130
Kategorie:	Policy
Titel:	Linux: Read password configuration files (KB)
Zusammenfassung:	When a PAM aware privilege granting application is started, it;activates its attachment to the PAM-API. This activation performs a number of tasks, the most;important being the reading of the configuration file(s): /etc/pam.conf. Alternatively, this may be;the contents of the /etc/pam.d/ directory. The presence of this directory will cause Linux-PAM to;ignore /etc/pam.conf.;;These files list the PAMs that will do the authentication tasks required by this service, and the;appropriate behavior of the PAM-API in the event that individual PAMs fail.;; - account: this module type performs non-authentication based account management. It is typically;used to restrict/permit access to a service based on the time of day, currently available system;resources (maximum number of users) or perhaps the location of the applicant user -- 'root' login;only on the console.;; - auth: this module type provides two aspects of authenticating the user. Firstly, it establishes;that the user is who they claim to be, by instructing the application to prompt the user for a;password or other means of identification. Secondly, the module can grant group membership or other;rivileges through its credential granting properties.;; - password: this module type is required for updating the authentication token associated with the;user. Typically, there is one module for each 'challenge/response' based authentication (auth) type.;; - pwhistory: this module saves the last passwords for each user in order to force password change;history and keep the user from alternating between the same password too frequently.;; - unix: this is the standard Unix authentication module. It uses standard calls from the system's;libraries to retrieve and set account information as well as authentication. Usually this is obtained;from the /etc/passwd and the /etc/shadow file as well if shadow is enabled.;;Note: This script read files /etc/pam.d/common-auth, /etc/pam.d/password-auth, /etc/pam.d/system-auth,;/etc/pam.d/common-password, /etc/pam.d/su and /etc/security/pwquality.conf and only stores information;for other Policy Controls.
Beschreibung:	Summary: When a PAM aware privilege granting application is started, it activates its attachment to the PAM-API. This activation performs a number of tasks, the most important being the reading of the configuration file(s): /etc/pam.conf. Alternatively, this may be the contents of the /etc/pam.d/ directory. The presence of this directory will cause Linux-PAM to ignore /etc/pam.conf. These files list the PAMs that will do the authentication tasks required by this service, and the appropriate behavior of the PAM-API in the event that individual PAMs fail. - account: this module type performs non-authentication based account management. It is typically used to restrict/permit access to a service based on the time of day, currently available system resources (maximum number of users) or perhaps the location of the applicant user -- 'root' login only on the console. - auth: this module type provides two aspects of authenticating the user. Firstly, it establishes that the user is who they claim to be, by instructing the application to prompt the user for a password or other means of identification. Secondly, the module can grant group membership or other rivileges through its credential granting properties. - password: this module type is required for updating the authentication token associated with the user. Typically, there is one module for each 'challenge/response' based authentication (auth) type. - pwhistory: this module saves the last passwords for each user in order to force password change history and keep the user from alternating between the same password too frequently. - unix: this is the standard Unix authentication module. It uses standard calls from the system's libraries to retrieve and set account information as well as authentication. Usually this is obtained from the /etc/passwd and the /etc/shadow file as well if shadow is enabled. Note: This script read files /etc/pam.d/common-auth, /etc/pam.d/password-auth, /etc/pam.d/system-auth, /etc/pam.d/common-password, /etc/pam.d/su and /etc/security/pwquality.conf and only stores information for other Policy Controls. CVSS Score: 0.0 CVSS Vector: AV:L/AC:H/Au:S/C:N/I:N/A:N
Copyright	Copyright (C) 2020 Greenbone Networks GmbH