RHEL 9 draft STIG CCE-87332-3 & CCE-87567-4

[onceanddone]

Configure SSH Server to Use FIPS 140-2 Validated Ciphers: opensshserver.config
Check is currently looking for "-oCiphers=aes256-ctr,aes192-ctr,aes128-ctr" but the files in /etc/crypto-policies/back-ends/ have changed to read "Ciphers aes256-ctr,aes192-ctr,aes128-ctr"

Configure SSH Server to Use FIPS 140-2 Validated MACs: opensshserver.config
This applies also to CCE-87567-4 which is looking for -oMACS=hmac-sha2-512,hmac-sha2-256 but should be looking for "MACS hmac-sha2-512,hmac-sha2-256"

[marcusburghardt]

@Mab879 @yuumasato

[marcusburghardt]

I assume this was related to the sshd_use_approved_ciphers rule but it is not currently included in STIG Draft profile for RHEL9 and its check is correct. If still relevant, please reopen with more details on how to reproduce this issue.