Ensure the Chromium Policy Configuration File Exists

An XCCDF Rule

Description

Chromium can be configured with numerous policies and settings. These settings can be set so that a user is unable to edit or change them. To prevent users from setting or changing Chromium settings, a JavaScript Object Notation (JSON) file (contains the .json extension) must exist in /etc/chromium/policies/managed.

Refer to https://www.chromium.org/administrators/policy-list-3 for a list of currently supported Chromium policies.

Refer to https://www.chromium.org/administrators/policy_templates for pre-created Chromium JSON policy files.

warning alert: Warning

If the .json file in /etc/chromium/policies/managed is not formatted correctly, no policies will be configured or set correctly.

Rationale

The Chromium policy file must exist as this file contains configuration settings set by the System's Administrator to meet organization and/or security requirements.

ID: xccdf_org.ssgproject.content_rule_chromium_policy_file
Severity: Unknown
Updated: about 1 year ago

CHROME_POL_FILE="chrome_stig_policy.json"
CHROME_POL_DIR="/etc/chromium/policies/managed/"

if [ ! -d ${CHROME_POL_DIR} ] ; then
   mkdir -p ${CHROME_POL_DIR}
   chmod 755 ${CHROME_POL_DIR}fi

if [ ! -f ${CHROME_POL_DIR}/${CHROME_POL_FILE} ] ; then
   touch ${CHROME_POL_DIR}/${CHROME_POL_FILE}
   chmod 644 ${CHROME_POL_DIR}/${CHROME_POL_FILE}
fi

grep -q -E '^\{' ${CHROME_POL_DIR}/${CHROME_POL_FILE}
if ! [ $? -eq 0 ] ; then
   if [ -s ${CHROME_POL_DIR}/${CHROME_POL_FILE} ] ; then
      sed -i '1s/^/\{\n/' ${CHROME_POL_DIR}/${CHROME_POL_FILE}
   else
      echo -e "{" >> ${CHROME_POL_DIR}/${CHROME_POL_FILE}
   fi
fi

tail -1 ${CHROME_POL_DIR}/${CHROME_POL_FILE} | grep -q -E '^\}'
if ! [ $? -eq 0 ] ; then
   echo -e "}" >> ${CHROME_POL_DIR}/${CHROME_POL_FILE}
fi

Ensure the Chromium Policy Configuration File Exists

Description

Rationale

Remediation - Shell Script