Skip to content

Instantly share code, notes, and snippets.

Last active Dec 26, 2017
What would you like to do?
Remediation test for smartcard packages installation
<Rule id="install_smartcard_packages" selected="false" severity="medium">
<title xmlns:xhtml="" xml:lang="en-US">Install Smart Card Packages For Multifactor Authentication</title>
<description xmlns:xhtml="" xml:lang="en-US">
Configure the operating system to implement multifactor authentication by
installing the required packages with the following command:
<html:pre xmlns:html="">$ sudo yum install esc pam_pkcs11 authconfig-gtk</html:pre>
<reference href="">CCI-001954</reference>
<reference href="">SRG-OS-000375-GPOS-00160</reference>
<reference href="">SV-87041r2_rule</reference>
<rationale xmlns:xhtml="" xml:lang="en-US">
Using an authentication device, such as a CAC or token that is separate from
the information system, ensures that even if the information system is
compromised, that compromise will not affect credentials stored on the
authentication device.
<html:br xmlns:html=""/><html:br xmlns:html=""/>
Multifactor solutions that require devices separate from
information systems gaining access include, for example, hardware tokens
providing time-based or challenge-response authenticators and smart cards such
as the U.S. Government Personal Identity Verification card and the DoD Common
Access Card.
<platform idref="cpe:/a:machine"/>
<fix xmlns:xhtml="" id="install_smartcard_packages" system="urn:xccdf:fix:script:sh"><ns0:sub xmlns:ns0="" idref="function_package_command"/>
package_command install esc
package_command install pam_pkcs11
<ns0:sub xmlns:ns0="" idref="function_package_command"/>
package_command install authconfig-gtk
<check system="">
<check-content-ref name="oval:ssg-install_smartcard_packages:def:1" href="ssg-rhel7-oval.xml"/>
<check system="">
<check-content-ref name="ocil:ssg-install_smartcard_packages_ocil:questionnaire:1" href="ssg-rhel7-ocil.xml"/>
# platform = multi_platform_rhel
. /usr/share/scap-security-guide/remediation_functions
package_command install esc
package_command install pam_pkcs11
package_command install authconfig-gtk
<definition class="compliance" id="install_smartcard_packages" version="1">
<title>Install needed packages for smartcard use.</title>
<affected family="unix">
<platform>Red Hat Enterprise Linux 7</platform>
<description>The RPM packages esc pam_pkcs11 and authconfig-gtk must be installed.</description>
<criteria comment="packages for smartcard use are installed">
<extend_definition comment="pam_pkcs11 package is installed" definition_ref="package_pam_pkcs11_installed" />
<extend_definition comment="esc package is installed" definition_ref="package_esc_installed" />
<extend_definition comment="authconfig-gtk package is installed" definition_ref="package_authconfig-gtk_installed" />
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment