@ptitoliv
Last active December 26, 2017 16:44
Remediation test for smartcard packages installation
<Rule id="install_smartcard_packages" selected="false" severity="medium">
<title xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">Install Smart Card Packages For Multifactor Authentication</title>
<description xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">
Configure the operating system to implement multifactor authentication by
installing the required packages with the following command:
<html:pre xmlns:html="http://www.w3.org/1999/xhtml">$ sudo yum install esc pam_pkcs11 authconfig-gtk</html:pre>
</description>
<reference href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001954</reference>
<reference href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000375-GPOS-00160</reference>
<reference href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-87041r2_rule</reference>
<rationale xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">
Using an authentication device, such as a CAC or token that is separate from
the information system, ensures that even if the information system is
compromised, that compromise will not affect credentials stored on the
authentication device.
<html:br xmlns:html="http://www.w3.org/1999/xhtml"/><html:br xmlns:html="http://www.w3.org/1999/xhtml"/>
Multifactor solutions that require devices separate from
information systems gaining access include, for example, hardware tokens
providing time-based or challenge-response authenticators and smart cards such
as the U.S. Government Personal Identity Verification card and the DoD Common
Access Card.
</rationale>
<platform idref="cpe:/a:machine"/>
<fix xmlns:xhtml="http://www.w3.org/1999/xhtml" id="install_smartcard_packages" system="urn:xccdf:fix:script:sh"><ns0:sub xmlns:ns0="http://checklists.nist.gov/xccdf/1.1" idref="function_package_command"/>
package_command install esc
package_command install pam_pkcs11
<ns0:sub xmlns:ns0="http://checklists.nist.gov/xccdf/1.1" idref="function_package_command"/>
package_command install authconfig-gtk
</fix>
<check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
<check-content-ref name="oval:ssg-install_smartcard_packages:def:1" href="ssg-rhel7-oval.xml"/>
</check>
<check system="http://scap.nist.gov/schema/ocil/2">
<check-content-ref name="ocil:ssg-install_smartcard_packages_ocil:questionnaire:1" href="ssg-rhel7-ocil.xml"/>
</check>
</Rule>
# platform = multi_platform_rhel
. /usr/share/scap-security-guide/remediation_functions
package_command install esc
package_command install pam_pkcs11
package_command install authconfig-gtk
<def-group>
<definition class="compliance" id="install_smartcard_packages" version="1">
<metadata>
<title>Install needed packages for smartcard use.</title>
<affected family="unix">
<platform>Red Hat Enterprise Linux 7</platform>
</affected>
<description>The RPM packages esc, pam_pkcs11, and authconfig-gtk must be installed.</description>
</metadata>
<criteria comment="packages for smartcard use are installed">
<extend_definition comment="pam_pkcs11 package is installed" definition_ref="package_pam_pkcs11_installed" />
<extend_definition comment="esc package is installed" definition_ref="package_esc_installed" />
<extend_definition comment="authconfig-gtk package is installed" definition_ref="package_authconfig-gtk_installed" />
</criteria>
</definition>
</def-group>
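An added example, not part of this gist or of the scap-security-guide content above: a POSIX shell remediation test that evaluates the rule the way the OVAL definition does (pass only when each of esc, pam_pkcs11 and authconfig-gtk is installed), installs only the packages that are missing, and then re-runs the check so the exit status reflects the post-remediation state. PKG_QUERY and PKG_INSTALL are assumed hooks (defaulting to `rpm -q` and `yum install -y`) so the logic can be exercised without a RHEL host; the page's package_command helper is not used.

```shell
#!/bin/sh
# Added example (not from the gist): remediation test for the
# install_smartcard_packages rule.
# Assumed hooks (not from the page): PKG_QUERY exits 0 when a package is
# installed, PKG_INSTALL installs the packages given as arguments.
SMARTCARD_PACKAGES="esc pam_pkcs11 authconfig-gtk"
PKG_QUERY="${PKG_QUERY:-rpm -q}"
PKG_INSTALL="${PKG_INSTALL:-yum install -y}"

# Print the subset of the given packages that are not installed, one per line.
missing_packages() {
    for pkg in "$@"; do
        if ! $PKG_QUERY "$pkg" >/dev/null 2>&1; then
            printf '%s\n' "$pkg"
        fi
    done
}

# Mirror the OVAL criteria: every extend_definition (one per package) must hold.
check_smartcard_packages() {
    missing=$(missing_packages $SMARTCARD_PACKAGES)
    [ -z "$missing" ]
}

# Mirror the fix script, but only for packages the check reports as missing,
# then re-check so the caller sees whether remediation actually succeeded.
remediate_smartcard_packages() {
    missing=$(missing_packages $SMARTCARD_PACKAGES)
    if [ -n "$missing" ]; then
        # $missing is deliberately unquoted: one package name per word
        $PKG_INSTALL $missing || return 1
    fi
    check_smartcard_packages
}

# Stand-alone use: "--check" reports the state, "--remediate" fixes and re-checks.
if [ "${1:-}" = "--check" ]; then
    if check_smartcard_packages; then
        echo "PASS: all smartcard packages installed"
    else
        echo "FAIL: missing packages:"
        missing_packages $SMARTCARD_PACKAGES
        exit 1
    fi
elif [ "${1:-}" = "--remediate" ]; then
    remediate_smartcard_packages && echo "PASS: remediated and verified"
fi
```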