Merge pull request #12738 from Mab879/clean_up_opensc_rules_rhel10
Clean Up Opensc Rules in RHEL 10
jan-cerny authored Dec 18, 2024
2 parents 3631b4b + f2bf77b commit b8d7a76
Showing 9 changed files with 48 additions and 3 deletions.
1 change: 1 addition & 0 deletions components/opensc.yml
Expand Up @@ -10,6 +10,7 @@ rules:
- install_smartcard_packages
- package_opensc_installed
- package_pcsc-lite_installed
- package_pcsc-lite-ccid_installed
- service_pcscd_enabled
- smartcard_auth
- smartcard_configure_ca
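Review bot: in the `rules:` list of components/opensc.yml, the added `package_pcsc-lite-ccid_installed` checks a package that is declared under `packages:` in components/pcsc-lite.yml, so the rule ends up listed by two components. That matches how `package_pcsc-lite_installed` and `service_pcscd_enabled` already appear in both files, so it is consistent, but a short YAML comment saying these entries are shared with pcsc-lite would keep the next reader from treating the duplicate as a copy-paste slip.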
2 changes: 2 additions & 0 deletions components/pcsc-lite.yml
@@ -1,6 +1,8 @@
name: pcsc-lite
packages:
- pcsc-lite
- pcsc-lite-ccid
rules:
- package_pcsc-lite_installed
- package_pcsc-lite-ccid_installed
- service_pcscd_enabled
1 change: 1 addition & 0 deletions controls/ism_o.yml
Expand Up @@ -318,6 +318,7 @@ controls:
- force_opensc_card_drivers
- package_opensc_installed
- package_pcsc-lite_installed
- package_pcsc-lite-ccid_installed
- package_sudo_installed
- service_pcscd_enabled
status: partial
1 change: 1 addition & 0 deletions controls/srg_gpos/SRG-OS-000375-GPOS-00160.yml
Expand Up @@ -12,5 +12,6 @@ controls:
- install_smartcard_packages
- package_opensc_installed
- package_pcsc-lite_installed
- package_pcsc-lite-ccid_installed
- service_pcscd_enabled
status: automated
@@ -0,0 +1,37 @@
documentation_complete: true

title: 'Install the pcsc-lite-ccid package'

description: |-
{{{ describe_package_install(package="pcsc-lite-ccid") }}}
rationale: |-
The pcsc-lite-ccid package must be installed if it is to be available for
multifactor authentication using smartcards.
severity: medium

identifiers:
cce@rhel8: CCE-86243-3
cce@rhel9: CCE-86246-6
cce@rhel10: CCE-86250-8

references:
disa: CCI-004046
ism: 1382,1384,1386
nist: CM-6(a)
srg: SRG-OS-000375-GPOS-00160

ocil_clause: 'the package is not installed'

ocil: '{{{ ocil_package(package="pcsc-lite-ccid") }}}'

template:
name: package_installed
vars:
pkgname: pcsc-lite-ccid

fixtext: |-
{{{ fixtext_package_installed(package="pcsc-lite-ccid") | indent(4) }}}
srg_requirement: '{{{ srg_requirement_package_installed("pcsc-lite-ccid") }}}'
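Review bot: the `rationale` in this new rule is circular: it says the package must be installed in order to be available, without saying what it provides. pcsc-lite-ccid ships the CCID driver that pcscd uses to talk to USB smartcard readers; stating that would tell an auditor why a missing package breaks the smartcard multifactor authentication that the rationale and the `srg` reference are about.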
2 changes: 2 additions & 0 deletions products/rhel10/profiles/ism_o.profile
Expand Up @@ -44,3 +44,5 @@ selections:
- '!openssl_use_strong_entropy'
# Currently not working RHEL 10, changes are being made to FIPS mode. Investigation is recommended.
- '!enable_dracut_fips_module'
# This rule is not applicable for RHEL 10
- '!force_opensc_card_drivers'
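Review bot: the comment `# This rule is not applicable for RHEL 10` gives no reason, unlike the FIPS comment two lines above it, which at least says what is changing. State why `force_opensc_card_drivers` does not apply so the exclusion can be revisited later. The same two lines are repeated in ism_o_secret.profile and ism_o_top_secret.profile while controls/ism_o.yml still lists the rule; if the rule is inapplicable to the product as a whole, restricting it once at the rule or control level would avoid keeping three deselections in sync.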
2 changes: 2 additions & 0 deletions products/rhel10/profiles/ism_o_secret.profile
Expand Up @@ -46,3 +46,5 @@ selections:
- '!openssl_use_strong_entropy'
# Currently not working RHEL 10, changes are being made to FIPS mode. Investigation is recommended.
- '!enable_dracut_fips_module'
# This rule is not applicable for RHEL 10
- '!force_opensc_card_drivers'
2 changes: 2 additions & 0 deletions products/rhel10/profiles/ism_o_top_secret.profile
Expand Up @@ -44,3 +44,5 @@ selections:
- '!openssl_use_strong_entropy'
# Currently not working RHEL 10, changes are being made to FIPS mode. Investigation is recommended.
- '!enable_dracut_fips_module'
# This rule is not applicable for RHEL 10
- '!force_opensc_card_drivers'
3 changes: 0 additions & 3 deletions shared/references/cce-redhat-avail.txt
Expand Up @@ -21,9 +21,6 @@ CCE-86213-6
CCE-86214-4
CCE-86216-9
CCE-86217-7
CCE-86243-3
CCE-86246-6
CCE-86250-8
CCE-86253-2
CCE-86254-0
CCE-86268-0
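Review bot: three CCEs leave the available pool here, not one, which shows the new rule is being registered for RHEL 8 and RHEL 9 as well as RHEL 10; the commit title "Clean Up Opensc Rules in RHEL 10" does not convey that, so a line in the commit message would help. The removed IDs (CCE-86243-3, CCE-86246-6, CCE-86250-8) do match the `cce@rhel8`, `cce@rhel9` and `cce@rhel10` identifiers in the new rule file.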