ComplianceAsCode · yuumasato · Nov 30, 2018 · Nov 30, 2018 · Dec 4, 2018 · Dec 4, 2018
diff --git a/fedora/templates/csv/packages_installed.csv b/fedora/templates/csv/packages_installed.csv
@@ -9,6 +9,7 @@ libreswan
 ntp
 opensc
 openssh-server
+pcsc-lite
 vsftpd
 postfix
 screen

diff --git a/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml b/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel6,rhel7,rhel8
+prodtype: rhel6,rhel7
 
 title: 'Uninstall openldap-servers Package'
 

diff --git a/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml b/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel6,rhel7,rhel8,ol7
+prodtype: rhel6,rhel7,ol7
 
 title: 'Remove NIS Client'
 

diff --git a/linux_os/guide/services/obsolete/nis/service_ypbind_disabled/rule.yml b/linux_os/guide/services/obsolete/nis/service_ypbind_disabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel6,rhel7,rhel8
+prodtype: rhel6,rhel7
 
 title: 'Disable ypbind Service'
 

diff --git a/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml b/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel6,rhel7,rhel8
+prodtype: rhel6,rhel7
 
 title: 'Uninstall rsh Package'
 

diff --git a/linux_os/guide/services/obsolete/r_services/service_rsh_disabled/rule.yml b/linux_os/guide/services/obsolete/r_services/service_rsh_disabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel6,rhel7,rhel8,ol7
+prodtype: rhel6,rhel7,ol7
 
 title: 'Disable rsh Service'
 

diff --git a/...counts-physical/screen_locking/smart_card_login/install_smartcard_packages/bash/shared.sh b/...counts-physical/screen_locking/smart_card_login/install_smartcard_packages/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel
+# platform = Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7
 . /usr/share/scap-security-guide/remediation_functions
 
 package_install esc

diff --git a/...ounts-physical/screen_locking/smart_card_login/install_smartcard_packages/oval/shared.xml b/...ounts-physical/screen_locking/smart_card_login/install_smartcard_packages/oval/shared.xml
@@ -4,7 +4,6 @@
       <title>Install needed packages for smartcard use.</title>
       <affected family="unix">
         <platform>Red Hat Enterprise Linux 7</platform>
-        <platform>Red Hat Enterprise Linux 8</platform>
       </affected>
       <description>The RPM packages esc pam_pkcs11 and authconfig-gtk must be installed.</description>
     </metadata>

diff --git a/...nts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml b/...nts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8
+prodtype: rhel7
 
 title: 'Install Smart Card Packages For Multifactor Authentication'
 

diff --git a/...accounts-physical/screen_locking/smart_card_login/smartcard_auth/anaconda/shared.anaconda b/...accounts-physical/screen_locking/smart_card_login/smartcard_auth/anaconda/shared.anaconda
@@ -1,3 +1,3 @@
-# platform = multi_platform_rhel, multi_platform_ol
+# platform = Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,multi_platform_ol
 
 package --add=pam_pkcs11 --add=esc
diff --git a/.../accounts/accounts-physical/screen_locking/smart_card_login/smartcard_auth/bash/shared.sh b/.../accounts/accounts-physical/screen_locking/smart_card_login/smartcard_auth/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,multi_platform_ol
+# platform = Red Hat Enterprise Linux 7,multi_platform_ol
 . /usr/share/scap-security-guide/remediation_functions
 
 # Install required packages

diff --git a/...accounts/accounts-physical/screen_locking/smart_card_login/smartcard_auth/oval/shared.xml b/...accounts/accounts-physical/screen_locking/smart_card_login/smartcard_auth/oval/shared.xml
@@ -5,7 +5,6 @@
       <affected family="unix">
         <platform>Red Hat Enterprise Linux 6</platform>
         <platform>Red Hat Enterprise Linux 7</platform>
-        <platform>Red Hat Enterprise Linux 8</platform>
         <platform>multi_platform_ol</platform>
       </affected>
       <description>Enable Smart Card logins</description>

diff --git a/...system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_auth/rule.yml b/...system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_auth/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel6,rhel7,rhel8,fedora,ol7
+prodtype: rhel6,rhel7,fedora,ol7
 
 title: 'Enable Smart Card Login'
 

diff --git a/rhel8/profiles/hipaa.profile b/rhel8/profiles/hipaa.profile
@@ -34,22 +34,17 @@ selections:
     - sshd_disable_root_login
     - libreswan_approved_tunnels
     - no_rsh_trust_files
-    - package_rsh_removed
     - package_rsh-server_removed
     - package_talk_removed
     - package_talk-server_removed
     - package_telnet_removed
     - package_telnet-server_removed
     - package_xinetd_removed
-    - package_ypbind_removed
-    - package_ypserv_removed
     - service_crond_enabled
     - service_rexec_disabled
     - service_rlogin_disabled
-    - service_rsh_disabled
     - service_telnet_disabled
     - service_xinetd_disabled
-    - service_ypbind_disabled
     - service_zebra_disabled
     - use_kerberos_security_all_exports
     - disable_host_auth

diff --git a/rhel8/profiles/pci-dss.profile b/rhel8/profiles/pci-dss.profile
@@ -112,7 +112,13 @@ selections:
     - ensure_redhat_gpgkey_installed
     - ensure_gpgcheck_globally_activated
     - ensure_gpgcheck_never_disabled
-    - smartcard_auth
+    - package_opensc_installed
+    - var_smartcard_drivers=cac
+    - configure_opensc_nss_db
+    - configure_opensc_card_drivers
+    - force_opensc_card_drivers
+    - service_pcscd_enabled
+    - sssd_enable_smartcards
     - set_password_hashing_algorithm_systemauth
     - set_password_hashing_algorithm_logindefs
     - set_password_hashing_algorithm_libuserconf

diff --git a/rhel8/templates/csv/packages_installed.csv b/rhel8/templates/csv/packages_installed.csv
@@ -9,6 +9,7 @@ libreswan
 ntp
 opensc
 openssh-server
+pcsc-lite
 vsftpd
 postfix
 tmux

diff --git a/rhel8/templates/csv/packages_removed.csv b/rhel8/templates/csv/packages_removed.csv
@@ -21,18 +21,15 @@ mcstrans
 mdadm
 net-snmp
 nfs-utils
-ntp
 ntpdate
 oddjob
-openldap-servers
 openssh-server
 portreserve
 prelink
 qpid-cpp-server
 quagga
 quota-nld
 rhnsd
-rsh
 rsh-server
 samba
 samba-common
@@ -52,6 +49,4 @@ tftp-server
 vsftpd
 xinetd
 xorg-x11-server-common
-ypbind
-ypserv
 systemd
-Original file line number
+Diff line change
@@ Expand Up / @@ -9,6 +9,7 @@ libreswan @@
     ntp
     opensc
     openssh-server
+    pcsc-lite
     vsftpd
     postfix
     screen
@@ Expand Down @@