Skip to content

Install the opensc Package For Multifactor Authentication

An XCCDF Rule

Description

The opensc package can be installed with the following command:

$ sudo yum install opensc

Rationale

Using an authentication device, such as a CAC or token that is separate from the information system, ensures that even if the information system is compromised, that compromise will not affect credentials stored on the authentication device.

Multifactor solutions that require devices separate from information systems gaining access include, for example, hardware tokens providing time-based or challenge-response authenticators and smart cards such as the U.S. Government Personal Identity Verification card and the DoD Common Access Card.

ID
xccdf_org.ssgproject.content_rule_package_opensc_installed
Severity
Medium
References
Updated



Remediation - Anaconda Pre-Install Instructions


package --add=opensc

Remediation - OS Build Blueprint


[[packages]]
name = "opensc"
version = "*"

Remediation - Ansible

- name: Ensure opensc is installed
  package:
    name: opensc
    state: present
  when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
  tags:

Remediation - Shell Script

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then

if ! rpm -q --quiet "opensc" ; then
    yum install -y "opensc"
fi

Remediation - Puppet

include install_opensc

class install_opensc {
  package { 'opensc':
    ensure => 'installed',
  }