Profile Applicability:
• Level 1
Description:
Pluggable Authentication Modules (PAM) provide a flexible authentication framework for Linux systems. Installing the latest PAM version ensures all security patches, features, and bug fixes are applied, enhancing system authentication security.
Rationale:
Keeping PAM up to date reduces vulnerabilities and ensures compatibility with modern authentication mechanisms and security standards.
Impact:
Pros:
Improves authentication security and stability.
Provides access to new features and security enhancements.
Cons:
Upgrading PAM may require system restarts or service reloads.
In rare cases, new versions may introduce compatibility issues.
Default Value:
PAM is usually installed by default, but the version may not be the latest without updates.
Pre-requisites:
Root or sudo privileges to update system packages.
Network access to package repositories.
Remediation:
Test Plan:
Using Linux command line:
Check the current installed version of PAM:
On RPM-based systems:
rpm -q pam
Compare with the latest available version from official repositories or vendor advisories.
Implementation Plan:
Using Linux command line:
Update PAM packages to the latest version:
On RPM-based systems:
yum update pam -y
- Verify the update:
rpm -q pam # or dpkg -l | grep libpam
Backout Plan:
Using Linux command line:
Roll back to previous PAM versions if necessary using package management tools.
Test authentication functionality after rollback.
References:
CIS Amazon Linux 2 Benchmark v3.0.0