Enable Only Approved Plugins

An XCCDF Rule

Description

An organization might need to use an internal or third party developed plugins. Any organizationally approved plugin should be enabled. To enable approved plugins, set EnabledPlugins to the list of organizationally approved plugins in the Chromium policy file.

Rationale

The whitelist should only contain organizationally approved plugins. This is to prevent a user from accidently whitelisitng a malicious plugin.

ID: xccdf_org.ssgproject.content_rule_chromium_enable_approved_plugins
Severity: Unknown
References: DTBC0035
Updated: about 1 year ago


var_enable_approved_plugins='<xccdf-1.2:sub xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2" idref="xccdf_org.ssgproject.content_value_var_enable_approved_plugins" use="legacy"/>'


# set var to empty string if None
if [ "$var_enable_approved_plugins" = "None" ]; then    var_enable_approved_plugins=""
fi

var_enable_approved_plugins_modified="$(echo ${var_enable_approved_plugins} | sed 's/\//\\\/\\/')"




if ! grep -q EnabledPlugins /etc/chromium/policies/managed/chrome_stig_policy.json; then
   sed -i -e '/{/a \  "'EnabledPlugins'": '\[${var_enable_approved_plugins}\]',' /etc/chromium/policies/managed/chrome_stig_policy.json
else
   sed -i -e 's/\"'EnabledPlugins'.*/\"'EnabledPlugins'\": '\[${var_enable_approved_plugins_modified}\]',/g' /etc/chromium/policies/managed/chrome_stig_policy.json
fi

Enable Only Approved Plugins

Description

Rationale

Remediation - Shell Script