CCE-92141-1Platform: Amazon Linux | Date: (C)2018-10-29 (M)2022-10-10 |
Disable Cyrus SASL Authentication Daemon (saslauthd)
The 'saslauthd' service handles plaintext authentication requests on
behalf of the SASL library. The service isolates all code requiring superuser
privileges for SASL authentication into a single process, and can also be used
to provide proxy authentication services to clients that do not understand SASL
based authentication.
The 'saslauthd' service can be disabled with the following command:
'$ sudo systemctl disable saslauthd'
Parameter:
Technical Mechanism:
The 'saslauthd' service provides essential functionality for
performing authentication in some directory environments, such as those which
use Kerberos and LDAP. For others, however, in which only local files may be
consulted, it is not necessary and should be disabled.
Fix:
#
# Disable saslauthd.service for all systemd targets
#
systemctl disable saslauthd.service
#
# Stop saslauthd.service if currently running
#
systemctl stop saslauthd.service
CCSS Severity: | CCSS Metrics: |
CCSS Score : | Attack Vector: |
Exploit Score: | Attack Complexity: |
Impact Score: | Privileges Required: |
Severity: | User Interaction: |
Vector: | Scope: |
| Confidentiality: |
| Integrity: |
| Availability: |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:48328 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:48328 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:48923 |