Enable Only Approved Extensions

An XCCDF Rule

Description

An organization might need to use an internal or third party developed extension. Any organizationally approved extenstion should be enabled. To enable approved extensions, set ExtensionInstallWhitelist to in the Chromium policy file. If there are no approved extensions, ExtensionInstallWhitelist should be set to .

Rationale

The whitelist should only contain organizationally approved extensions. This is to prevent a user from accidently whitelisitng a malicious extension.

ID: xccdf_org.ssgproject.content_rule_chromium_extension_whitelist
Severity: Unknown
References: DTBC0003
Updated: over 1 year ago

Remediation Templates

var_extension_whitelist='<xccdf-1.2:sub xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2" idref="xccdf_org.ssgproject.content_value_var_extension_whitelist" use="legacy"/>'


var_extension_whitelist_modified="$(echo ${var_extension_whitelist} | sed 's/\//\\\/\\/')"



if ! grep -q ExtensionInstallWhitelist /etc/chromium/policies/managed/chrome_stig_policy.json; then
   sed -i -e '/{/a \  "'ExtensionInstallWhitelist'": '${var_extension_whitelist}',' /etc/chromium/policies/managed/chrome_stig_policy.json
else
   sed -i -e 's/\"'ExtensionInstallWhitelist'.*/\"'ExtensionInstallWhitelist'\": '${var_extension_whitelist_modified}',/g' /etc/chromium/policies/managed/chrome_stig_policy.json
fi

Enable Only Approved Extensions

Description

Rationale

Remediation Templates

A Shell Script