Skip to content

Fix configure_opensc_nss_db bash remediation #7017

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
freddieRv wants to merge 1 commit into from
Closed

Fix configure_opensc_nss_db bash remediation #7017

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 6 additions & 3 deletions .../accounts-physical/screen_locking/smart_card_login/configure_opensc_nss_db/bash/shared.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,11 @@
# complexity = low
# disruption = low

PKCSSW=$(/usr/bin/pkcs11-switch)
PKCSSW="/usr/bin/pkcs11-switch"
Copy link
Copy Markdown
Contributor

@mildas mildas May 26, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This script is in the opensc package so if the package is not installed the remediation will do result in error.

@ggbecker do you think that installing the opensc package in this remediation is a good idea? Installation of opensc feels like a different rule, however without the package we can't perform remediation of this one.

Copy link
Copy Markdown
Collaborator

@jan-cerny jan-cerny Aug 3, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mildas Probably yes, Imagine that somebody will update the rule in the future and this test will be executed by the CTF.

MODULE=$(${PKCSSW})

if [ ${PKCSSW} != "opensc" ] ; then
${PKCSSW} opensc
if [ "$MODULE" != "opensc" ] ; then
echo | ${PKCSSW} opensc
fi

modutil -force -add opensc -dbdir sql:/etc/pki/nssdb -libfile opensc-pkcs11.so