rpms / scap-security-guide

Clone
Source Code
GIT

Files

  1.   7f349f640d51d38a60f9292c89076e646ba9e6fc
  2.   SOURCES
  3.   scap-security-guide-0.1.53-update_stig_RHEL_07_041001-PR_6083.diff
Blob Blame History Raw 
diff --git a/linux_os/guide/services/sssd/sssd_enable_pam_services/rule.yml b/linux_os/guide/services/sssd/sssd_enable_pam_services/rule.yml
index 6c344c1cb4..426635c85f 100644
--- a/linux_os/guide/services/sssd/sssd_enable_pam_services/rule.yml
+++ b/linux_os/guide/services/sssd/sssd_enable_pam_services/rule.yml
@@ -30,7 +30,7 @@ references:
     disa: CCI-001948,CCI-001953,CCI-001954
     nist: IA-2(1),CM-6(a)
     nist-csf: PR.AC-1,PR.AC-6,PR.AC-7
-    srg: SRG-OS-000375-GPOS-00160,SRG-OS-000375-GPOS-00161,SRG-OS-000375-GPOS-00162
+    srg: SRG-OS-000375-GPOS-00160,SRG-OS-000376-GPOS-00161,SRG-OS-000377-GPOS-00162
     vmmsrg: SRG-OS-000107-VMM-000530
     stigid@rhel7: RHEL-07-041002
     isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.7,SR 1.8,SR 1.9,SR 2.1'
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/bash/shared.sh
deleted file mode 100644
index a8f1aedd5e..0000000000
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/bash/shared.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-# platform = Red Hat Enterprise Linux 7,Oracle Linux 7
-
-{{{ bash_package_install("esc") }}}
-{{{ bash_package_install("pam_pkcs11") }}}
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/oval/shared.xml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/oval/shared.xml
deleted file mode 100644
index fa837b5d30..0000000000
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/oval/shared.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<def-group>
-  <definition class="compliance" id="install_smartcard_packages" version="1">
-    {{{ oval_metadata("The RPM packages esc and pam_pkcs11 must be installed.") }}}
-      <criteria comment="packages for smartcard use are installed">
-      <extend_definition comment="pam_pkcs11 package is installed" definition_ref="package_pam_pkcs11_installed" />
-      <extend_definition comment="esc package is installed" definition_ref="package_esc_installed" />
-      </criteria>
-  </definition>
-</def-group>
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml
index 91cc09590a..1747b7901a 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml
@@ -6,8 +6,8 @@ title: 'Install Smart Card Packages For Multifactor Authentication'
 
 description: |-
     Configure the operating system to implement multifactor authentication by
-    installing the required packages with the following command:
-    {{{ describe_package_install(package="esc pam_pkcs11") }}}
+    installing the required package with the following command:
+    {{{ describe_package_install(package="pam_pkcs11") }}}
 
 rationale: |-
     Using an authentication device, such as a CAC or token that is separate from
@@ -30,12 +30,14 @@ references:
     stigid@ol7: OL07-00-041001
     disa: CCI-000765,CCI-001948,CCI-001953,CCI-001954
     nist: CM-6(a)
-    srg: SRG-OS-000105-GPOS-00052,SRG-OS-000375-GPOS-00160,SRG-OS-000375-GPOS-00161,SRG-OS-000377-GPOS-00162
+    srg: SRG-OS-000105-GPOS-00052,SRG-OS-000375-GPOS-00160,SRG-OS-000376-GPOS-00161,SRG-OS-000377-GPOS-00162
     stigid@rhel7: RHEL-07-041001
 
 ocil_clause: 'smartcard software is not installed'
 
-ocil: |-
-    To verify the operating system has the packages required for multifactor
-    authentication installed, run the following command:
-    <pre>$ sudo yum list installed esc pam_pkcs11</pre>
+ocil: '{{{ ocil_package(package="pam_pkcs11") }}}'
+
+template:
+    name: package_installed
+    vars:
+        pkgname: pam_pkcs11
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/rule.yml
index eb88f519f2..c0ac9db891 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/rule.yml
@@ -34,7 +34,7 @@ references:
     disa: CCI-000765,CCI-000766,CCI-000767,CCI-000768,CCI-000771,CCI-000772,CCI-000884,CCI-001948,CCI-001954
     nist: IA-2(3),IA-2(4),IA-2(8),IA-2(9),IA-2(11)
     pcidss: Req-8.3
-    srg: SRG-OS-000375-GPOS-00160,SRG-OS-000375-GPOS-00161,SRG-OS-000377-GPOS-00162
+    srg: SRG-OS-000375-GPOS-00160,SRG-OS-000376-GPOS-00161,SRG-OS-000377-GPOS-00162
     stigid@rhel7: RHEL-07-010061
 
 ocil_clause: 'enable-smartcard-authentication has not been configured or is disabled'
diff --git a/shared/templates/extra_ovals.yml b/shared/templates/extra_ovals.yml
index 948912c228..2d305f56d4 100644
--- a/shared/templates/extra_ovals.yml
+++ b/shared/templates/extra_ovals.yml
@@ -8,11 +8,6 @@ package_esc_installed:
   vars:
     pkgname: esc
 
-package_pam_pkcs11_installed:
-  name: package_installed
-  vars:
-    pkgname: pam_pkcs11
-
 package_GConf2_installed:
   name: package_installed
   vars:

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation