|
 |
0d5c10 |
From 57e3dba57c5a9e9172476ea254fae2a8fa4e9591 Mon Sep 17 00:00:00 2001
|
|
|
0d5c10 |
From: Watson Sato <wsato@redhat.com>
|
|
|
0d5c10 |
Date: Fri, 1 Mar 2019 10:22:19 +0100
|
|
|
0d5c10 |
Subject: [PATCH 1/2] Add rule for package pcsc-lite installed
|
|
|
0d5c10 |
|
|
|
0d5c10 |
Select the rule in profiles that select service_pcscd_enabled.
|
|
|
0d5c10 |
---
|
|
|
0d5c10 |
.../package_pcsc-lite_installed/rule.yml | 23 +++++++++++++++++++
|
|
|
0d5c10 |
rhel7/profiles/ospp.profile | 1 +
|
|
|
0d5c10 |
rhel7/profiles/rhelh-stig.profile | 1 +
|
|
|
0d5c10 |
rhel7/profiles/rhelh-vpp.profile | 1 +
|
|
|
0d5c10 |
rhel8/profiles/pci-dss.profile | 1 +
|
|
|
0d5c10 |
rhv4/profiles/rhvh-stig.profile | 1 +
|
|
|
0d5c10 |
rhv4/profiles/rhvh-vpp.profile | 1 +
|
|
|
0d5c10 |
7 files changed, 29 insertions(+)
|
|
|
0d5c10 |
create mode 100644 linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml
|
|
|
0d5c10 |
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml
|
|
|
0d5c10 |
new file mode 100644
|
|
|
0d5c10 |
index 0000000000..6baf31bbe1
|
|
|
0d5c10 |
--- /dev/null
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml
|
|
|
0d5c10 |
@@ -0,0 +1,23 @@
|
|
|
0d5c10 |
+documentation_complete: true
|
|
|
0d5c10 |
+
|
|
|
0d5c10 |
+prodtype: rhel7,rhel8,fedora,rhv4
|
|
|
0d5c10 |
+
|
|
|
0d5c10 |
+title: 'Install pcsc-lite'
|
|
|
0d5c10 |
+
|
|
|
0d5c10 |
+description: |-
|
|
|
0d5c10 |
+ {{{ describe_package_install(package="pcsc-lite") }}}
|
|
|
0d5c10 |
+
|
|
|
0d5c10 |
+rationale: |-
|
|
|
0d5c10 |
+ The pcsc-lite package must be installed if it is to be available for
|
|
|
0d5c10 |
+ multifactor authentication using smartcards.
|
|
|
0d5c10 |
+
|
|
|
0d5c10 |
+severity: medium
|
|
|
0d5c10 |
+
|
|
|
0d5c10 |
+references:
|
|
|
0d5c10 |
+ disa: "1954"
|
|
|
0d5c10 |
+ srg: SRG-OS-000375-GPOS-00160
|
|
|
0d5c10 |
+ vmmsrg: SRG-OS-000377-VMM-001530
|
|
|
0d5c10 |
+
|
|
|
0d5c10 |
+ocil_clause: 'the package is not installed'
|
|
|
0d5c10 |
+
|
|
|
0d5c10 |
+ocil: '{{{ ocil_package(package="pcsc-lite") }}}'
|
|
|
0d5c10 |
diff --git a/rhel7/profiles/ospp.profile b/rhel7/profiles/ospp.profile
|
|
|
0d5c10 |
index 64f54c3945..166de67169 100644
|
|
|
0d5c10 |
--- a/rhel7/profiles/ospp.profile
|
|
|
0d5c10 |
+++ b/rhel7/profiles/ospp.profile
|
|
|
0d5c10 |
@@ -387,6 +387,7 @@ selections:
|
|
|
0d5c10 |
- configure_opensc_nss_db
|
|
|
0d5c10 |
- configure_opensc_card_drivers
|
|
|
0d5c10 |
- force_opensc_card_drivers
|
|
|
0d5c10 |
+ - package_pcsc-lite_installed
|
|
|
0d5c10 |
- service_pcscd_enabled
|
|
|
0d5c10 |
- sssd_enable_smartcards
|
|
|
0d5c10 |
- sssd_memcache_timeout
|
|
|
0d5c10 |
diff --git a/rhel7/profiles/rhelh-stig.profile b/rhel7/profiles/rhelh-stig.profile
|
|
|
0d5c10 |
index cf387e4a25..f88f4026b0 100644
|
|
|
0d5c10 |
--- a/rhel7/profiles/rhelh-stig.profile
|
|
|
0d5c10 |
+++ b/rhel7/profiles/rhelh-stig.profile
|
|
|
0d5c10 |
@@ -361,6 +361,7 @@ selections:
|
|
|
0d5c10 |
- configure_opensc_nss_db
|
|
|
0d5c10 |
- configure_opensc_card_drivers
|
|
|
0d5c10 |
- force_opensc_card_drivers
|
|
|
0d5c10 |
+ - package_pcsc-lite_installed
|
|
|
0d5c10 |
- service_pcscd_enabled
|
|
|
0d5c10 |
- sssd_enable_smartcards
|
|
|
0d5c10 |
- sssd_memcache_timeout
|
|
|
0d5c10 |
diff --git a/rhel7/profiles/rhelh-vpp.profile b/rhel7/profiles/rhelh-vpp.profile
|
|
|
0d5c10 |
index b26e523f6d..2b4a5805ef 100644
|
|
|
0d5c10 |
--- a/rhel7/profiles/rhelh-vpp.profile
|
|
|
0d5c10 |
+++ b/rhel7/profiles/rhelh-vpp.profile
|
|
|
0d5c10 |
@@ -178,6 +178,7 @@ selections:
|
|
|
0d5c10 |
- configure_opensc_nss_db
|
|
|
0d5c10 |
- configure_opensc_card_drivers
|
|
|
0d5c10 |
- force_opensc_card_drivers
|
|
|
0d5c10 |
+ - package_pcsc-lite_installed
|
|
|
0d5c10 |
- service_pcscd_enabled
|
|
|
0d5c10 |
- sssd_enable_smartcards
|
|
|
0d5c10 |
|
|
|
0d5c10 |
diff --git a/rhel8/profiles/pci-dss.profile b/rhel8/profiles/pci-dss.profile
|
|
|
0d5c10 |
index 934622c456..5990e9e00d 100644
|
|
|
0d5c10 |
--- a/rhel8/profiles/pci-dss.profile
|
|
|
0d5c10 |
+++ b/rhel8/profiles/pci-dss.profile
|
|
|
0d5c10 |
@@ -119,6 +119,7 @@ selections:
|
|
|
0d5c10 |
- configure_opensc_nss_db
|
|
|
0d5c10 |
- configure_opensc_card_drivers
|
|
|
0d5c10 |
- force_opensc_card_drivers
|
|
|
0d5c10 |
+ - package_pcsc-lite_installed
|
|
|
0d5c10 |
- service_pcscd_enabled
|
|
|
0d5c10 |
- sssd_enable_smartcards
|
|
|
0d5c10 |
- set_password_hashing_algorithm_systemauth
|
|
|
0d5c10 |
diff --git a/rhv4/profiles/rhvh-stig.profile b/rhv4/profiles/rhvh-stig.profile
|
|
|
0d5c10 |
index 47f0052756..f55098b276 100644
|
|
|
0d5c10 |
--- a/rhv4/profiles/rhvh-stig.profile
|
|
|
0d5c10 |
+++ b/rhv4/profiles/rhvh-stig.profile
|
|
|
0d5c10 |
@@ -361,6 +361,7 @@ selections:
|
|
|
0d5c10 |
- configure_opensc_nss_db
|
|
|
0d5c10 |
- configure_opensc_card_drivers
|
|
|
0d5c10 |
- force_opensc_card_drivers
|
|
|
0d5c10 |
+ - package_pcsc-lite_installed
|
|
|
0d5c10 |
- service_pcscd_enabled
|
|
|
0d5c10 |
- sssd_enable_smartcards
|
|
|
0d5c10 |
- sssd_memcache_timeout
|
|
|
0d5c10 |
diff --git a/rhv4/profiles/rhvh-vpp.profile b/rhv4/profiles/rhvh-vpp.profile
|
|
|
0d5c10 |
index 5b9dee7590..ecc6fce5e0 100644
|
|
|
0d5c10 |
--- a/rhv4/profiles/rhvh-vpp.profile
|
|
|
0d5c10 |
+++ b/rhv4/profiles/rhvh-vpp.profile
|
|
|
0d5c10 |
@@ -178,6 +178,7 @@ selections:
|
|
|
0d5c10 |
- configure_opensc_nss_db
|
|
|
0d5c10 |
- configure_opensc_card_drivers
|
|
|
0d5c10 |
- force_opensc_card_drivers
|
|
|
0d5c10 |
+ - package_pcsc-lite_installed
|
|
|
0d5c10 |
- service_pcscd_enabled
|
|
|
0d5c10 |
- sssd_enable_smartcards
|
|
|
0d5c10 |
|
|
|
0d5c10 |
|
|
|
0d5c10 |
From d8ffcfed9a1e97e18b02bc6be8d7918b6a994a95 Mon Sep 17 00:00:00 2001
|
|
|
0d5c10 |
From: Watson Sato <wsato@redhat.com>
|
|
|
0d5c10 |
Date: Fri, 1 Mar 2019 16:58:19 +0100
|
|
|
0d5c10 |
Subject: [PATCH 2/2] Update title of rule package_pcsc-lite_installed
|
|
|
0d5c10 |
|
|
|
0d5c10 |
---
|
|
|
0d5c10 |
.../smart_card_login/package_pcsc-lite_installed/rule.yml | 2 +-
|
|
|
0d5c10 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
0d5c10 |
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml
|
|
|
0d5c10 |
index 6baf31bbe1..b2a243db84 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml
|
|
|
0d5c10 |
@@ -2,7 +2,7 @@ documentation_complete: true
|
|
|
0d5c10 |
|
|
|
0d5c10 |
prodtype: rhel7,rhel8,fedora,rhv4
|
|
|
0d5c10 |
|
|
|
0d5c10 |
-title: 'Install pcsc-lite'
|
|
|
0d5c10 |
+title: 'Install the pcsc-lite package'
|
|
|
0d5c10 |
|
|
|
0d5c10 |
description: |-
|
|
|
0d5c10 |
{{{ describe_package_install(package="pcsc-lite") }}}
|