From 6e3a497286a7a0336bf6a40bc892e1da89853772 Mon Sep 17 00:00:00 2001 From: Marcus Burghardt Date: Mon, 16 Sep 2024 16:31:32 +0200 Subject: [PATCH] Use sssd_conf_files_present applicability in sssd_enable_pam_services This rule is only applicable when SSSD is already in use and consequently configured. Signed-off-by: Marcus Burghardt --- .../services/sssd/sssd_enable_pam_services/rule.yml | 9 ++++++++- .../tests/sssd_config_missing.fail.sh | 3 +++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/linux_os/guide/services/sssd/sssd_enable_pam_services/rule.yml b/linux_os/guide/services/sssd/sssd_enable_pam_services/rule.yml index 29b3f397906..dd12e77d0c8 100644 --- a/linux_os/guide/services/sssd/sssd_enable_pam_services/rule.yml +++ b/linux_os/guide/services/sssd/sssd_enable_pam_services/rule.yml @@ -1,6 +1,5 @@ documentation_complete: true - title: 'Configure PAM in SSSD Services' description: |- @@ -37,6 +36,8 @@ references: srg: SRG-OS-000375-GPOS-00160,SRG-OS-000376-GPOS-00161,SRG-OS-000377-GPOS-00162 stigid@ol7: OL07-00-041002 +platform: sssd_conf_files_present + ocil_clause: 'it does not exist or ''pam'' is not added to the ''services'' option under the ''sssd'' section' ocil: |- @@ -44,3 +45,9 @@ ocil: |-
$ sudo grep services /etc/sssd/sssd.conf
If configured properly, output should be similar to
services = pam
+
+warnings:
+ - general:
+ This rule will report as "notapplicable" if there is no SSSD configuration file present
+ in the system. The SSSD configuration might be different for each site and therefore a new
+ configuration file is not automatically created.
diff --git a/linux_os/guide/services/sssd/sssd_enable_pam_services/tests/sssd_config_missing.fail.sh b/linux_os/guide/services/sssd/sssd_enable_pam_services/tests/sssd_config_missing.fail.sh
index 2c2a9a715b1..d4afd1157f9 100644
--- a/linux_os/guide/services/sssd/sssd_enable_pam_services/tests/sssd_config_missing.fail.sh
+++ b/linux_os/guide/services/sssd/sssd_enable_pam_services/tests/sssd_config_missing.fail.sh
@@ -2,6 +2,9 @@
 # packages = sssd-common
 # remediation = none
+# SSSD configuration files are expected to be created manually since the configuration can
+# be different for each site. Therefore, if there is no configuration files previously created
+# in the system, this rule will report "not applicable".
 SSSD_CONF_FILE="/etc/sssd/sssd.conf"
 SSSD_CONF_DIR_FILES="/etc/sssd/conf.d/*.conf"
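Review bot: The new `warnings` entry in rule.yml does not say which paths count as "SSSD configuration file present", while the OCIL text directly above it still inspects only `/etc/sssd/sssd.conf`. The definition of `sssd_conf_files_present` is outside this diff, but the test scenario in the same patch names both `/etc/sssd/sssd.conf` and `/etc/sssd/conf.d/*.conf`. If the platform check accepts drop-ins too, an auditor following the OCIL on a host configured only through `conf.d` would get no output for a rule that is applicable. Naming the paths in the warning would close that gap, for example `if neither /etc/sssd/sssd.conf nor any /etc/sssd/conf.d/*.conf file is present in the system`. It would also help to state that a host with SSSD installed but left unconfigured now reports notapplicable instead of fail for the SRG items listed under `references`, so reviewers know that case is no longer flagged by this rule.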
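Review bot: The added comment says the rule reports "not applicable" when no configuration file exists, yet the scenario keeps the name `sssd_config_missing.fail.sh`, whose suffix declares `fail` as the expected result. The rest of the script is outside the hunk, but if it removes the files named in `SSSD_CONF_FILE` and `SSSD_CONF_DIR_FILES`, the `platform: sssd_conf_files_present` line added to rule.yml would make the scan return notapplicable and the scenario would contradict its own file name. Renaming it to `sssd_config_missing.notapplicable.sh` would keep the expectation and the comment in agreement, assuming the test suite's notapplicable suffix is usable for this rule. The comment's "if there is no configuration files" should also read `if there are no configuration files`.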