From 23f93efbb21f63a2dfac989afb562fd47e536f02 Mon Sep 17 00:00:00 2001
From: Gabriel Becker <ggasparb@redhat.com>
Date: Fri, 30 Aug 2019 10:58:29 +0200
Subject: [PATCH] Remove rule configure_opensc_nss_db from RHEL8 product.

The rule is not applicable to RHEL8. OpenSC is set by default on RHEL8.
---
 .../configure_opensc_nss_db/ansible/shared.yml              | 2 +-
 .../smart_card_login/configure_opensc_nss_db/bash/shared.sh | 2 +-
 .../configure_opensc_nss_db/oval/shared.xml                 | 6 ++----
 .../smart_card_login/configure_opensc_nss_db/rule.yml       | 3 +--
 rhel8/profiles/pci-dss.profile                              | 1 -
 5 files changed, 5 insertions(+), 9 deletions(-)

diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_nss_db/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_nss_db/ansible/shared.yml
index 97a4c40288bd..5a29c7e3e33e 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_nss_db/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_nss_db/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_rhv,Oracle Linux 7
+# platform = Red Hat Enterprise Linux 7,multi_platform_fedora,multi_platform_rhv,Oracle Linux 7
 # reboot = false
 # strategy = configure
 # complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_nss_db/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_nss_db/bash/shared.sh
index ffa4ce43108d..3bdce15528bd 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_nss_db/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_nss_db/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_rhv,Oracle Linux 7
+# platform = Red Hat Enterprise Linux 7,multi_platform_fedora,multi_platform_rhv,Oracle Linux 7
 # reboot = false
 # strategy = configure
 # complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_nss_db/oval/shared.xml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_nss_db/oval/shared.xml
index 6ed27a1fdd65..21b43f486a1f 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_nss_db/oval/shared.xml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_nss_db/oval/shared.xml
@@ -1,16 +1,14 @@
 <def-group>
   <definition class="compliance" id="configure_opensc_nss_db" version="1">
     <metadata>
-      <title>Verify that Interactive Boot is Disabled</title>
+      <title>Check that NSS DB is set to use opensc</title>
       <affected family="unix">
         <platform>Red Hat Enterprise Linux 7</platform>
-        <platform>Red Hat Enterprise Linux 8</platform>
         <platform>multi_platform_fedora</platform>
         <platform>multi_platform_rhv</platform>
         <platform>Oracle Linux 7</platform>
       </affected>
-      <description>The ability for users to perform interactive startups should
-      be disabled.</description>
+      <description>The NSS DB should be set to use opensc library.</description>
     </metadata>
     <criteria>
       <criterion test_ref="test_configure_opensc_nss_db"
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_nss_db/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_nss_db/rule.yml
index af9f5be424c4..8b16bd279e46 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_nss_db/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_nss_db/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,fedora,rhv4,ol7
+prodtype: rhel7,fedora,rhv4,ol7
 
 title: 'Configure NSS DB To Use opensc'
 
@@ -20,7 +20,6 @@ severity: medium
 
 identifiers:
     cce@rhel7: 80567-1
-    cce@rhel8: 80767-7
 
 references:
     disa: 765,766,767,768,771,772,884
diff --git a/rhel8/profiles/pci-dss.profile b/rhel8/profiles/pci-dss.profile
index 1f46778723ef..c806b155dad1 100644
--- a/rhel8/profiles/pci-dss.profile
+++ b/rhel8/profiles/pci-dss.profile
@@ -112,7 +112,6 @@ selections:
     - security_patches_up_to_date
     - package_opensc_installed
     - var_smartcard_drivers=cac
-    - configure_opensc_nss_db
     - configure_opensc_card_drivers
     - force_opensc_card_drivers
     - package_pcsc-lite_installed