Skip to content

Commit dd4db7e

Browse files
jan-cernyjan-cerny
authored
Merge pull request #13404 from Mab879/update_ssh_client_rhel8_stig
Update STIG IDs for SSH Client MAC and Ciphers rules on RHEL 8
2 parents a53a1e2 + 682fd39 commit dd4db7e

File tree

5 files changed

+12
-2
lines changed

5 files changed

+12
-2
lines changed

linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,7 @@ references:
3030
disa: CCI-001453
3131
nist: AC-17(2)
3232
srg: SRG-OS-000033-GPOS-00014,SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093,SRG-OS-000393-GPOS-00173,SRG-OS-000394-GPOS-00174,SRG-OS-000423-GPOS-00187
33-
stigid@rhel8: RHEL-08-010020
33+
stigid@rhel8: RHEL-08-010020,RHEL-08-010296
3434

3535
ocil_clause: 'Crypto Policy for OpenSSH client is not configured correctly'
3636

linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,7 @@ references:
2828
disa: CCI-000877,CCI-001453
2929
nist: AC-17(2)
3030
srg: SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093
31-
stigid@rhel8: RHEL-08-010020
31+
stigid@rhel8: RHEL-08-010020,RHEL-08-010296
3232

3333
ocil_clause: 'Crypto Policy for OpenSSH client is not configured correctly'
3434

products/rhel8/profiles/stig.profile

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -221,6 +221,12 @@ selections:
221221
# RHEL-08-010295
222222
- configure_gnutls_tls_crypto_policy
223223

224+
# RHEL-08-010296
225+
- harden_sshd_macs_openssh_conf_crypto_policy
226+
227+
# RHEL-08-010297
228+
- harden_sshd_ciphers_openssh_conf_crypto_policy
229+
224230
# RHEL-08-010300
225231
- file_permissions_binary_dirs
226232

tests/data/profile_stability/rhel8/stig.profile

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -250,7 +250,9 @@ selections:
250250
- grub2_uefi_admin_username
251251
- grub2_uefi_password
252252
- grub2_vsyscall_argument
253+
- harden_sshd_ciphers_openssh_conf_crypto_policy
253254
- harden_sshd_ciphers_opensshserver_conf_crypto_policy
255+
- harden_sshd_macs_openssh_conf_crypto_policy
254256
- harden_sshd_macs_opensshserver_conf_crypto_policy
255257
- install_smartcard_packages
256258
- installed_OS_is_vendor_supported

tests/data/profile_stability/rhel8/stig_gui.profile

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -261,7 +261,9 @@ selections:
261261
- grub2_uefi_admin_username
262262
- grub2_uefi_password
263263
- grub2_vsyscall_argument
264+
- harden_sshd_ciphers_openssh_conf_crypto_policy
264265
- harden_sshd_ciphers_opensshserver_conf_crypto_policy
266+
- harden_sshd_macs_openssh_conf_crypto_policy
265267
- harden_sshd_macs_opensshserver_conf_crypto_policy
266268
- install_smartcard_packages
267269
- installed_OS_is_vendor_supported

0 commit comments

Comments
 (0)