Enable the SSSD Service

An XCCDF Rule

Description

The SSSD service should be enabled. The sssd service can be enabled with the following command:

$ sudo systemctl enable sssd.service

warning alert: Warning

The service requires a valid sssd configuration. If the configuration is not present, the service will fail to start and consequently this rule will will be reported as failing. The configuration shipped in your distribution package might not be sufficient. Manual modification of configuration files might be required.

ID: xccdf_org.ssgproject.content_rule_service_sssd_enabled
Severity: Medium
References: 1 12 15 16 5

DSS05.04 DSS05.05 DSS05.07 DSS05.10 DSS06.03 DSS06.10

4.3.3.2.2 4.3.3.5.1 4.3.3.5.2 4.3.3.6.1 4.3.3.6.2 4.3.3.6.3 4.3.3.6.4 4.3.3.6.5 4.3.3.6.6 4.3.3.6.7 4.3.3.6.8 4.3.3.6.9 4.3.3.7.2 4.3.3.7.4

SR 1.1 SR 1.10 SR 1.2 SR 1.3 SR 1.4 SR 1.5 SR 1.7 SR 1.8 SR 1.9 SR 2.1

A.18.1.4 A.7.1.1 A.9.2.1 A.9.2.2 A.9.2.3 A.9.2.4 A.9.2.6 A.9.3.1 A.9.4.2 A.9.4.3

CM-6(a) IA-5(10)

PR.AC-1 PR.AC-6 PR.AC-7

CCE-82440-9

R67
Updated: 5 days ago

include enable_sssd

class enable_sssd {
  service {'sssd':
    enable => true,
    ensure => 'running',  }
}

- name: Gather the package facts
  package_facts:
    manager: auto
  tags:
  - CCE-82440-9
  - NIST-800-53-CM-6(a)  - NIST-800-53-IA-5(10)
  - enable_strategy
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed
  - service_sssd_enabled

- name: Enable the SSSD Service - Enable service sssd
  block:

  - name: Gather the package facts
    package_facts:
      manager: auto

  - name: Enable the SSSD Service - Enable Service sssd
    ansible.builtin.systemd:
      name: sssd
      enabled: true
      state: started
      masked: false
    when:
    - '"sssd-common" in ansible_facts.packages'
  when:
  - '"sssd-common" in ansible_facts.packages'
  - '"kernel" in ansible_facts.packages'
  tags:
  - CCE-82440-9
  - NIST-800-53-CM-6(a)
  - NIST-800-53-IA-5(10)
  - enable_strategy
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed
  - service_sssd_enabled


service enable sssd


[customizations.services]
enabled = ["sssd"]

# Remediation is applicable only in certain platforms
if rpm --quiet -q sssd-common && { rpm --quiet -q kernel; }; then

SYSTEMCTL_EXEC='/usr/bin/systemctl'
"$SYSTEMCTL_EXEC" unmask 'sssd.service'
"$SYSTEMCTL_EXEC" start 'sssd.service'"$SYSTEMCTL_EXEC" enable 'sssd.service'

else
    >&2 echo 'Remediation is not applicable, nothing was done'
fi

Enable the SSSD Service

Description

Remediation - Puppet

Remediation - Ansible

Remediation - script:kickstart

Remediation - OS Build Blueprint

Remediation - Shell Script