diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_nss_db/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_nss_db/ansible/shared.yml
index ca3fd9a8d840..062b9ef69c6e 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_nss_db/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_nss_db/ansible/shared.yml
@@ -3,17 +3,17 @@
 # strategy = configure
 # complexity = low
 # disruption = low
-- name: Check existence of pkcs11-switch
- stat:
- path: /usr/bin/pkcs11-switch
- register: pkcs11switch
+- name: "{{{ rule_title }}} - Check Existence of pkcs11-switch"
+ ansible.builtin.stat:
+ path: /usr/bin/pkcs11-switch
+ register: pkcs11switch
-- name: Get NSS database smart card configuration
- command: /usr/bin/pkcs11-switch
+- name: "{{{ rule_title }}} - Get NSS Database Smart Card Configuration"
+ ansible.builtin.command: /usr/bin/pkcs11-switch
 changed_when: True
 register: pkcsw_output
 when: pkcs11switch.stat.exists
-- name: "{{{ rule_title }}}"
- command: /usr/bin/pkcs11-switch opensc
+- name: "{{{ rule_title }}} - Select opensc Module"
+ ansible.builtin.shell: echo -e "\n" | /usr/bin/pkcs11-switch opensc
 when: pkcs11switch.stat.exists and pkcsw_output.stdout != "opensc"
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_nss_db/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_nss_db/bash/shared.sh
index ff943d7de9a9..3d912c276e7a 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_nss_db/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_nss_db/bash/shared.sh
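Review bot: In ansible/shared.yml the "Select opensc Module" task now goes through `ansible.builtin.shell` only to pipe a newline into pkcs11-switch, which adds shell parsing to a remediation and depends on the target's /bin/sh honouring `echo -e`. The command module can supply standard input itself, so the task can stay `ansible.builtin.command: /usr/bin/pkcs11-switch opensc` with `args:` and `stdin: "\n"`, and no shell is involved. The newline presumably answers a prompt from pkcs11-switch; a one-line comment naming the prompt being accepted would help, since the playbook confirms it unattended. Separately, the read-only "Get NSS Database Smart Card Configuration" task keeps `changed_when: True`, so every run reports a change; `changed_when: false` fits a query.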
@@ -7,5 +7,5 @@ PKCSSW=$(/usr/bin/pkcs11-switch)
 if [ ${PKCSSW} != "opensc" ] ; then
- ${PKCSSW} opensc
+ echo -e "\n" | ${PKCSSW} opensc
 fi
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_nss_db/oval/shared.xml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_nss_db/oval/shared.xml
deleted file mode 100644
index 6a7338df1660..000000000000
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_nss_db/oval/shared.xml
+++ /dev/null
@@ -1,23 +0,0 @@ - - - {{{ oval_metadata("The NSS DB should be set to use opensc library.") }}} - - - - - - - - - - - /etc/pki/nssdb/pkcs11.txt - ^library=opensc.*\.so$ - 1 - - -
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_nss_db/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_nss_db/rule.yml
index eb4186084d63..a989dfda8ca7 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_nss_db/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_nss_db/rule.yml
@@ -40,3 +40,9 @@ ocil: |- run the following command:
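Review bot: In bash/shared.sh the added line still executes `${PKCSSW}`, which as far as the hunk shows holds the output of `/usr/bin/pkcs11-switch` (the currently selected module name) rather than the path of the tool, so whenever the module is not opensc the remediation tries to run that name as a command instead of switching. The line should call the binary itself, `echo -e "\n" | /usr/bin/pkcs11-switch opensc`. The test `[ ${PKCSSW} != "opensc" ]` is also unquoted and breaks with a syntax error when the command prints nothing or more than one word; `[ "${PKCSSW}" != "opensc" ]` avoids that. The script begins above the hunk, so confirm PKCSSW is not reassigned there.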
$ pkcs11-switch
The output should return
opensc
+
+warnings:
+ - general: |-
+ NSS modules information are stored in NSS database which is in binary format. Currently
+ it is not possible to check NSS database using OVAL. This is the reason there is no OVAL
+ check for this rule.