For AI agents: A markdown version of this page is available at https://docs.datadoghq.com/security/default_rules/def-000-0ub.md. A documentation index is available at /llms.txt.

Install authselect Package

Description

The authselect package can be installed with the following command:

$ sudo yum install authselect

Rationale

The authselect package provides a tool to select system authentication and identity sources from a list of supported profiles instead of letting the administrator manually build the PAM stack. Authselect is a successor to authconfig and helps avoid potential breakage of configuration by shipping several tested profiles that are well tested and supported. Ensuring the latest version of authselect is installed helps maintain system security by providing the latest security fixes and features.

Remediation

Shell script

The following script can be run on the host to remediate the issue.

#!/bin/bash

if ! rpm -q --quiet "authselect" ; then
    yum install -y "authselect"
fi

Ansible playbook

The following playbook can be run with Ansible to remediate the issue.

- name: Ensure authselect is installed
  ansible.builtin.package:
    name: authselect
    state: present
  tags:
  - CCE-89186-1
  - enable_strategy
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed
  - package_authselect_installed