From 57e3dba57c5a9e9172476ea254fae2a8fa4e9591 Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Fri, 1 Mar 2019 10:22:19 +0100
Subject: [PATCH 1/2] Add rule for package pcsc-lite installed

Select the rule in profiles that select service_pcscd_enabled.
---
 .../package_pcsc-lite_installed/rule.yml      | 23 +++++++++++++++++++
 rhel7/profiles/ospp.profile                   |  1 +
 rhel7/profiles/rhelh-stig.profile             |  1 +
 rhel7/profiles/rhelh-vpp.profile              |  1 +
 rhel8/profiles/pci-dss.profile                |  1 +
 rhv4/profiles/rhvh-stig.profile               |  1 +
 rhv4/profiles/rhvh-vpp.profile                |  1 +
 7 files changed, 29 insertions(+)
 create mode 100644 linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml

diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml
new file mode 100644
index 0000000000..6baf31bbe1
--- /dev/null
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml
@@ -0,0 +1,23 @@
+documentation_complete: true
+
+prodtype: rhel7,rhel8,fedora,rhv4
+
+title: 'Install pcsc-lite'
+
+description: |-
+    {{{ describe_package_install(package="pcsc-lite") }}}
+
+rationale: |-
+    The pcsc-lite package must be installed if it is to be available for
+    multifactor authentication using smartcards.
+
+severity: medium
+
+references:
+    disa: "1954"
+    srg: SRG-OS-000375-GPOS-00160
+    vmmsrg: SRG-OS-000377-VMM-001530
+
+ocil_clause: 'the package is not installed'
+
+ocil: '{{{ ocil_package(package="pcsc-lite") }}}'
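Review bot: The diffstat lists only rule.yml and six profiles, so this rule appears to ship without an automated check or remediation. Unless a package-installed check for pcsc-lite already exists elsewhere in the tree, scans of the profiles that select it would report the rule as not checked, and a host missing the smart-card middleware would be neither flagged nor fixed. Either add the pcsc-lite entry to the project's package-installed check and remediation source in this change, or say in the commit message where it already lives. The rule also has no `identifiers:` block, so results cannot be tied to a CCE. The rationale is circular; something like `Smart card login depends on the PC/SC daemon (pcscd), which is shipped in the pcsc-lite package.` would state the actual dependency.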
diff --git a/rhel7/profiles/ospp.profile b/rhel7/profiles/ospp.profile
index 64f54c3945..166de67169 100644
--- a/rhel7/profiles/ospp.profile
+++ b/rhel7/profiles/ospp.profile
@@ -387,6 +387,7 @@ selections:
     - configure_opensc_nss_db
     - configure_opensc_card_drivers
     - force_opensc_card_drivers
+    - package_pcsc-lite_installed
     - service_pcscd_enabled
     - sssd_enable_smartcards
     - sssd_memcache_timeout
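Review bot: The new rule's `references:` block has only `disa`, `srg` and `vmmsrg` keys, so the selection added here and the one in rhel8/profiles/pci-dss.profile have no OSPP or PCI-DSS mapping behind them. The STIG and VPP profiles are covered by the existing keys. If those two policies do require the package, add the matching `ospp` / `pcidss` reference to rule.yml. If the rule is selected only as a prerequisite of service_pcscd_enabled, a comment above the selection such as `# prerequisite of service_pcscd_enabled` would make that explicit for auditors. The `selections:` list starts outside this hunk.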
diff --git a/rhel7/profiles/rhelh-stig.profile b/rhel7/profiles/rhelh-stig.profile
index cf387e4a25..f88f4026b0 100644
--- a/rhel7/profiles/rhelh-stig.profile
+++ b/rhel7/profiles/rhelh-stig.profile
@@ -361,6 +361,7 @@ selections:
     - configure_opensc_nss_db
     - configure_opensc_card_drivers
     - force_opensc_card_drivers
+    - package_pcsc-lite_installed
     - service_pcscd_enabled
     - sssd_enable_smartcards
     - sssd_memcache_timeout
diff --git a/rhel7/profiles/rhelh-vpp.profile b/rhel7/profiles/rhelh-vpp.profile
index b26e523f6d..2b4a5805ef 100644
--- a/rhel7/profiles/rhelh-vpp.profile
+++ b/rhel7/profiles/rhelh-vpp.profile
@@ -178,6 +178,7 @@ selections:
     - configure_opensc_nss_db
     - configure_opensc_card_drivers
     - force_opensc_card_drivers
+    - package_pcsc-lite_installed
     - service_pcscd_enabled
     - sssd_enable_smartcards
 
diff --git a/rhel8/profiles/pci-dss.profile b/rhel8/profiles/pci-dss.profile
index 934622c456..5990e9e00d 100644
--- a/rhel8/profiles/pci-dss.profile
+++ b/rhel8/profiles/pci-dss.profile
@@ -119,6 +119,7 @@ selections:
     - configure_opensc_nss_db
     - configure_opensc_card_drivers
     - force_opensc_card_drivers
+    - package_pcsc-lite_installed
     - service_pcscd_enabled
     - sssd_enable_smartcards
     - set_password_hashing_algorithm_systemauth
diff --git a/rhv4/profiles/rhvh-stig.profile b/rhv4/profiles/rhvh-stig.profile
index 47f0052756..f55098b276 100644
--- a/rhv4/profiles/rhvh-stig.profile
+++ b/rhv4/profiles/rhvh-stig.profile
@@ -361,6 +361,7 @@ selections:
     - configure_opensc_nss_db
     - configure_opensc_card_drivers
     - force_opensc_card_drivers
+    - package_pcsc-lite_installed
     - service_pcscd_enabled
     - sssd_enable_smartcards
     - sssd_memcache_timeout
diff --git a/rhv4/profiles/rhvh-vpp.profile b/rhv4/profiles/rhvh-vpp.profile
index 5b9dee7590..ecc6fce5e0 100644
--- a/rhv4/profiles/rhvh-vpp.profile
+++ b/rhv4/profiles/rhvh-vpp.profile
@@ -178,6 +178,7 @@ selections:
     - configure_opensc_nss_db
     - configure_opensc_card_drivers
     - force_opensc_card_drivers
+    - package_pcsc-lite_installed
     - service_pcscd_enabled
     - sssd_enable_smartcards
 

From d8ffcfed9a1e97e18b02bc6be8d7918b6a994a95 Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Fri, 1 Mar 2019 16:58:19 +0100
Subject: [PATCH 2/2] Update title of rule package_pcsc-lite_installed

---
 .../smart_card_login/package_pcsc-lite_installed/rule.yml       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml
index 6baf31bbe1..b2a243db84 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml
@@ -2,7 +2,7 @@ documentation_complete: true
 
 prodtype: rhel7,rhel8,fedora,rhv4
 
-title: 'Install pcsc-lite'
+title: 'Install the pcsc-lite package'
 
 description: |-
     {{{ describe_package_install(package="pcsc-lite") }}}