diff --git a/doc/metadata/rhel7/RHEL-07-040050.rst b/doc/metadata/rhel7/RHEL-07-040050.rst index 0be6fd51..f3d87671 100644 --- a/doc/metadata/rhel7/RHEL-07-040050.rst +++ b/doc/metadata/rhel7/RHEL-07-040050.rst @@ -1,7 +1,11 @@ --- id: RHEL-07-040050 -status: not implemented -tag: misc +status: exception - manual intervention +tag: file_perms --- -This STIG requirement is not yet implemented. +This control requires that ``/etc/pam_pkcs11/subject_mapping`` exists on the +system. It is only required on systems that use PKI-based authentication. + +Deployers should perform this step manually based on the needs of their +authentication configuration. diff --git a/doc/metadata/rhel7/RHEL-07-040060.rst b/doc/metadata/rhel7/RHEL-07-040060.rst index b9bdc303..554d2c32 100644 --- a/doc/metadata/rhel7/RHEL-07-040060.rst +++ b/doc/metadata/rhel7/RHEL-07-040060.rst @@ -1,7 +1,9 @@ --- id: RHEL-07-040060 -status: not implemented -tag: misc +status: implemented +tag: file_perms --- -This STIG requirement is not yet implemented. +The tasks in this role set the mode on ``/etc/pam_pkcs11/cn_map`` to ``0644``. +If the file permissions are more restrictive than ``0644`` on the system, they +are not changed. diff --git a/doc/metadata/rhel7/RHEL-07-040070.rst b/doc/metadata/rhel7/RHEL-07-040070.rst index 25ecff4f..d51db937 100644 --- a/doc/metadata/rhel7/RHEL-07-040070.rst +++ b/doc/metadata/rhel7/RHEL-07-040070.rst @@ -1,7 +1,8 @@ --- id: RHEL-07-040070 -status: not implemented -tag: misc +status: implemented +tag: file_perms --- -This STIG requirement is not yet implemented. +The default owner for ``/etc/pam_pkcs11/cn_map`` is ``root``. The role ensures +that this default is maintained if the file exists. diff --git a/doc/metadata/rhel7/RHEL-07-040080.rst b/doc/metadata/rhel7/RHEL-07-040080.rst index 3c0f58f6..687ee3f6 100644 --- a/doc/metadata/rhel7/RHEL-07-040080.rst +++ b/doc/metadata/rhel7/RHEL-07-040080.rst 
@@ -1,7 +1,8 @@ --- id: RHEL-07-040080 -status: not implemented -tag: misc +status: implemented +tag: file_perms --- -This STIG requirement is not yet implemented. +The default group owner for ``/etc/pam_pkcs11/cn_map`` is ``root``. The role +ensures that this default is maintained if the file exists.
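Review bot: In RHEL-07-040050.rst the new tag is `file_perms`, but the text describes a requirement that ``/etc/pam_pkcs11/subject_mapping`` exists, not a mode or ownership setting, so the tag does not match the control as documented. Either use a tag that fits an existence check or explain the choice in the note. The manual step would also be easier to act on if it said how a deployer decides that the system uses PKI-based authentication and therefore needs the file.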
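Review bot: In RHEL-07-040060.rst the text does not say what the role does when ``/etc/pam_pkcs11/cn_map`` is absent, while the 040070 and 040080 notes both carry "if the file exists". Add the same condition here if the task is skipped on systems without the file. The second sentence would also be clearer if it stated the rule directly, for example that the mode is changed only when it is more permissive than ``0644``.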
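Review bot: In RHEL-07-040070.rst, "ensures that this default is maintained" leaves it unclear whether the role resets the owner to ``root`` when it finds a different owner or only leaves an existing ``root`` owner alone. State the action explicitly, for example "The role sets the owner to ``root`` if the file exists", if that is what the tasks do. The same wording appears in the RHEL-07-040080.rst hunk for the group owner and should be changed the same way.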