Buscar

Este contenido no está disponible en el idioma seleccionado.

Chapter 62. Security

download PDF

certutil does not return the NSS database password requirements in FIPS mode

When creating a new Network Security Services (NSS) database with the certutil tool, the user has nowhere to find out what the database password requirements are when running in FIPS mode. The prompt message does not provide password requirements, and certutil returns only a generic error message:
certutil: could not authenticate to token NSS FIPS 140-2 Certificate DB.: SEC_ERROR_IO: An I/O error occurred during security authorization.
(BZ#1401809)

systemd-importd runs as init_t

The systemd-importd service is using the NoNewPrivileges security flag in the systemd unit file. This blocks the SELinux domain transition from the init_t to systemd_importd_t domain. (BZ#1365944)

The SCAP password length requirement is ignored in the kickstart installation

The interactive kickstart installation does not enforce the password length check defined by the SCAP rule and accepts shorter root passwords. To work around this problem, use the --strict option with the pwpolicy root command in the kickstart file. (BZ#1372791)

rhnsd.pid is writable by group and others

In Red Hat Enterprise Linux 7.4, the default permissions of the /var/run/rhnsd.pid file are set to -rw-rw-rw-.. This setting is not secure. To work around this problem, change the permissions of this file to be writable only by the owner:
# chmod go-w /var/run/rhnsd.pid
(BZ#1480306)
Red Hat logoGithubRedditYoutubeTwitter

Aprender

Pruebe, compre y venda

Comunidades

Acerca de la documentación de Red Hat

Ayudamos a los usuarios de Red Hat a innovar y alcanzar sus objetivos con nuestros productos y servicios con contenido en el que pueden confiar.

Hacer que el código abierto sea más inclusivo

Red Hat se compromete a reemplazar el lenguaje problemático en nuestro código, documentación y propiedades web. Para más detalles, consulte el Blog de Red Hat.

Acerca de Red Hat

Ofrecemos soluciones reforzadas que facilitan a las empresas trabajar en plataformas y entornos, desde el centro de datos central hasta el perímetro de la red.

© 2024 Red Hat, Inc.