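diff --git a/linux_os/guide/services/sssd/sssd_enable_pam_services/rule.yml b/linux_os/guide/services/sssd/sssd_enable_pam_services/rule.yml
index 6c344c1cb4..426635c85f 100644
--- a/linux_os/guide/services/sssd/sssd_enable_pam_services/rule.yml
+++ b/linux_os/guide/services/sssd/sssd_enable_pam_services/rule.yml
@@ -30,7 +30,7 @@ references:
 disa: CCI-001948,CCI-001953,CCI-001954
 nist: IA-2(1),CM-6(a)
 nist-csf: PR.AC-1,PR.AC-6,PR.AC-7
- srg: SRG-OS-000375-GPOS-00160,SRG-OS-000375-GPOS-00161,SRG-OS-000375-GPOS-00162
+ srg: SRG-OS-000375-GPOS-00160,SRG-OS-000376-GPOS-00161,SRG-OS-000377-GPOS-00162
 vmmsrg: SRG-OS-000107-VMM-000530
 stigid@rhel7: RHEL-07-041002
 isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.7,SR 1.8,SR 1.9,SR 2.1'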
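diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/bash/shared.sh
deleted file mode 100644
index a8f1aedd5e..0000000000
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/bash/shared.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-# platform = Red Hat Enterprise Linux 7,Oracle Linux 7
-
-{{{ bash_package_install("esc") }}}
-{{{ bash_package_install("pam_pkcs11") }}}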
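diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/oval/shared.xml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/oval/shared.xml
deleted file mode 100644
index fa837b5d30..0000000000
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/oval/shared.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<def-group>
- <definition class="compliance" id="install_smartcard_packages" version="1">
- {{{ oval_metadata("The RPM packages esc and pam_pkcs11 must be installed.") }}}
- <criteria comment="packages for smartcard use are installed">
- <extend_definition comment="pam_pkcs11 package is installed" definition_ref="package_pam_pkcs11_installed" />
- <extend_definition comment="esc package is installed" definition_ref="package_esc_installed" />
- </criteria>
- </definition>
-</def-group>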
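diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml
index 91cc09590a..1747b7901a 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml
@@ -6,8 +6,8 @@ title: 'Install Smart Card Packages For Multifactor Authentication'
 
 description: |-
 Configure the operating system to implement multifactor authentication by
- installing the required packages with the following command:
- {{{ describe_package_install(package="esc pam_pkcs11") }}}
+ installing the required package with the following command:
+ {{{ describe_package_install(package="pam_pkcs11") }}}
 
 rationale: |-
 Using an authentication device, such as a CAC or token that is separate from
@@ -30,12 +30,14 @@ references:
 stigid@ol7: OL07-00-041001
 disa: CCI-000765,CCI-001948,CCI-001953,CCI-001954
 nist: CM-6(a)
- srg: SRG-OS-000105-GPOS-00052,SRG-OS-000375-GPOS-00160,SRG-OS-000375-GPOS-00161,SRG-OS-000377-GPOS-00162
+ srg: SRG-OS-000105-GPOS-00052,SRG-OS-000375-GPOS-00160,SRG-OS-000376-GPOS-00161,SRG-OS-000377-GPOS-00162
 stigid@rhel7: RHEL-07-041001
 
 ocil_clause: 'smartcard software is not installed'
 
-ocil: |-
- To verify the operating system has the packages required for multifactor
- authentication installed, run the following command:
- $ sudo yum list installed esc pam_pkcs11
+ocil: '{{{ ocil_package(package="pam_pkcs11") }}}'
+
+template:
+ name: package_installed
+ vars:
+ pkgname: pam_pkcs11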
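Review bot: The check and remediation in the second hunk now cover only `pam_pkcs11`, so a host without `esc` passes this rule, while the title still reads "Install Smart Card Packages" and the `stigid@rhel7` / `stigid@ol7` references are unchanged; nothing in the visible lines records why `esc` was dropped. I would add a comment above the `template:` block, for example `# esc is intentionally no longer required; only pam_pkcs11 is checked and installed`. The deleted `bash/shared.sh` limited remediation with `# platform = Red Hat Enterprise Linux 7,Oracle Linux 7`, whereas the new `template:` block as shown carries no platform restriction; the rule's product scoping may live outside these hunks, but that is worth confirming. `package_esc_installed` also appears to remain in `shared/templates/extra_ovals.yml` although its only visible consumer, `oval/shared.xml`, is deleted in this commit.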
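diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/rule.yml
index eb88f519f2..c0ac9db891 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/rule.yml
@@ -34,7 +34,7 @@ references:
 disa: CCI-000765,CCI-000766,CCI-000767,CCI-000768,CCI-000771,CCI-000772,CCI-000884,CCI-001948,CCI-001954
 nist: IA-2(3),IA-2(4),IA-2(8),IA-2(9),IA-2(11)
 pcidss: Req-8.3
- srg: SRG-OS-000375-GPOS-00160,SRG-OS-000375-GPOS-00161,SRG-OS-000377-GPOS-00162
+ srg: SRG-OS-000375-GPOS-00160,SRG-OS-000376-GPOS-00161,SRG-OS-000377-GPOS-00162
 stigid@rhel7: RHEL-07-010061
 
 ocil_clause: 'enable-smartcard-authentication has not been configured or is disabled'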
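diff --git a/shared/templates/extra_ovals.yml b/shared/templates/extra_ovals.yml
index 948912c228..2d305f56d4 100644
--- a/shared/templates/extra_ovals.yml
+++ b/shared/templates/extra_ovals.yml
@@ -8,11 +8,6 @@ package_esc_installed:
 vars:
 pkgname: esc
 
-package_pam_pkcs11_installed:
- name: package_installed
- vars:
- pkgname: pam_pkcs11
-
 package_GConf2_installed:
 name: package_installed
 vars: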