Last active
December 26, 2017 16:44
Remediation test for smartcard packages installation
<Rule id="install_smartcard_packages" selected="false" severity="medium">
  <title xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">Install Smart Card Packages For Multifactor Authentication</title>
  <description xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">
    Configure the operating system to implement multifactor authentication by
    installing the required packages with the following command:
    <html:pre xmlns:html="http://www.w3.org/1999/xhtml">$ sudo yum install esc pam_pkcs11 authconfig-gtk</html:pre>
  </description>
  <reference href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001954</reference>
  <reference href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000375-GPOS-00160</reference>
  <reference href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-87041r2_rule</reference>
  <rationale xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">
    Using an authentication device, such as a CAC or token that is separate from
    the information system, ensures that even if the information system is
    compromised, that compromise will not affect credentials stored on the
    authentication device.
    <html:br xmlns:html="http://www.w3.org/1999/xhtml"/><html:br xmlns:html="http://www.w3.org/1999/xhtml"/>
    Multifactor solutions that require devices separate from
    information systems gaining access include, for example, hardware tokens
    providing time-based or challenge-response authenticators and smart cards such
    as the U.S. Government Personal Identity Verification card and the DoD Common
    Access Card.
  </rationale>
  <platform idref="cpe:/a:machine"/>
  <fix xmlns:xhtml="http://www.w3.org/1999/xhtml" id="install_smartcard_packages" system="urn:xccdf:fix:script:sh"><ns0:sub xmlns:ns0="http://checklists.nist.gov/xccdf/1.1" idref="function_package_command"/>
package_command install esc
package_command install pam_pkcs11
<ns0:sub xmlns:ns0="http://checklists.nist.gov/xccdf/1.1" idref="function_package_command"/>
package_command install authconfig-gtk
  </fix>
  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
    <check-content-ref name="oval:ssg-install_smartcard_packages:def:1" href="ssg-rhel7-oval.xml"/>
  </check>
  <check system="http://scap.nist.gov/schema/ocil/2">
    <check-content-ref name="ocil:ssg-install_smartcard_packages_ocil:questionnaire:1" href="ssg-rhel7-ocil.xml"/>
  </check>
</Rule>
# platform = multi_platform_rhel
. /usr/share/scap-security-guide/remediation_functions
package_command install esc
package_command install pam_pkcs11
package_command install authconfig-gtk
<def-group>
  <definition class="compliance" id="install_smartcard_packages" version="1">
    <metadata>
      <title>Install needed packages for smartcard use.</title>
      <affected family="unix">
        <platform>Red Hat Enterprise Linux 7</platform>
      </affected>
      <description>The RPM packages esc pam_pkcs11 and authconfig-gtk must be installed.</description>
    </metadata>
    <criteria comment="packages for smartcard use are installed">
      <extend_definition comment="pam_pkcs11 package is installed" definition_ref="package_pam_pkcs11_installed" />
      <extend_definition comment="esc package is installed" definition_ref="package_esc_installed" />
      <extend_definition comment="authconfig-gtk package is installed" definition_ref="package_authconfig-gtk_installed" />
    </criteria>
  </definition>
</def-group>
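
A rule like this only reports compliance correctly when its remediation and its OVAL check cover the same package set, so the following added example (not part of the original gist or of the SCAP Security Guide project) cross-checks the two. The function names, the embedded constructed copies of the script and criteria, and the assumption that check references follow the `package_<name>_installed` pattern seen above belong to this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed inputs: copies of the remediation script and OVAL criteria on this page.
REMEDIATION = """\
# platform = multi_platform_rhel
. /usr/share/scap-security-guide/remediation_functions
package_command install esc
package_command install pam_pkcs11
package_command install authconfig-gtk
"""

OVAL_CRITERIA = """\
<criteria comment="packages for smartcard use are installed">
  <extend_definition definition_ref="package_pam_pkcs11_installed" />
  <extend_definition definition_ref="package_esc_installed" />
  <extend_definition definition_ref="package_authconfig-gtk_installed" />
</criteria>
"""

# Assumption: check names follow the package_<name>_installed pattern seen on this page.
REF_PATTERN = re.compile(r"package_(.+)_installed")


def remediated_packages(script):
    """Packages named on `package_command install <name>` lines; comments are ignored."""
    found = set()
    for line in script.splitlines():
        words = line.split("#", 1)[0].split()
        if words[:2] == ["package_command", "install"]:
            found.update(words[2:])
    return found


def checked_packages(oval_xml):
    """Packages required by the criteria's extend_definition references."""
    refs = (e.get("definition_ref", "") for e in ET.fromstring(oval_xml).iter("extend_definition"))
    return {m.group(1) for m in map(REF_PATTERN.fullmatch, refs) if m}


def drift(script, oval_xml):
    """Return (checked but not installed by the fix, installed but never checked)."""
    fixed, checked = remediated_packages(script), checked_packages(oval_xml)
    return sorted(checked - fixed), sorted(fixed - checked)


if __name__ == "__main__":
    print(drift(REMEDIATION, OVAL_CRITERIA))  # ([], []) when fix and check agree
```

A non-empty first list means the scan can keep failing after remediation has run; a non-empty second list means the fix installs software the check never verifies.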