Install the opensc Package For Multifactor Authentication

An XCCDF Rule

Description

The opensc-pkcs11 package can be installed with the following command:

$ apt-get install opensc-pkcs11

Rationale

Using an authentication device, such as a CAC or token that is separate from the information system, ensures that even if the information system is compromised, that compromise will not affect credentials stored on the authentication device.

Multifactor solutions that require devices separate from information systems gaining access include, for example, hardware tokens providing time-based or challenge-response authenticators and smart cards such as the U.S. Government Personal Identity Verification card and the DoD Common Access Card.

ID: xccdf_org.ssgproject.content_rule_package_opensc_installed
Severity: Medium
References: CCI-001953 CCI-001954

1382 1384 1386

CM-6(a)

SRG-OS-000375-GPOS-00160 SRG-OS-000376-GPOS-00161

UBTU-20-010064

SV-238231r853411_rule
Updated: about 1 year ago


[[packages]]
name = "opensc-pkcs11"
version = "*"

- name: Ensure opensc-pkcs11 is installed
  package:
    name: opensc-pkcs11
    state: present
  when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
  tags:  - DISA-STIG-UBTU-20-010064
  - NIST-800-53-CM-6(a)
  - enable_strategy
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed
  - package_opensc_installed

include install_opensc-pkcs11

class install_opensc-pkcs11 {
  package { 'opensc-pkcs11':
    ensure => 'installed',
  }}

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then

DEBIAN_FRONTEND=noninteractive apt-get install -y "opensc-pkcs11"

else    >&2 echo 'Remediation is not applicable, nothing was done'
fi

Install the opensc Package For Multifactor Authentication

Description

Rationale

Remediation - OS Build Blueprint

Remediation - Ansible

Remediation - Puppet

Remediation - Shell Script