Blame SOURCES/scap-security-guide-0.1.58-fix_cis_value_selector-PR_7452.patch

From bd790153e02c1d1725f59f5d88c65c77eb1421e9 Mon Sep 17 00:00:00 2001
From: Gabriel Becker <ggasparb@redhat.com>
Date: Tue, 24 Aug 2021 12:48:46 +0200
Subject: [PATCH] Add a new selector for var_system_crypto_policy and use it
 RHEL8 CIS.
This new selector is used to select explicit DEFAULT value in RHEL8 CIS
L1 profiles. The "default" selector cannot be selected and it causes
errors if used.
---
 controls/cis_rhel8.yml                                          | 2 +-
 .../software/integrity/crypto/var_system_crypto_policy.var      | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
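--- a/controls/cis_rhel8.yml
+++ b/controls/cis_rhel8.yml
@@ -553,7 +553,7 @@ controls:
     automated: yes
     rules:
       - configure_crypto_policy
-      - var_system_crypto_policy=default
+      - var_system_crypto_policy=default_policy
 
   # This rule works in conjunction with the configure_crypto_policy above.
   # If a system is remediated to CIS Level 1, just the rule above will apply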
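--- a/linux_os/guide/system/software/integrity/crypto/var_system_crypto_policy.var
+++ b/linux_os/guide/system/software/integrity/crypto/var_system_crypto_policy.var
@@ -13,6 +13,7 @@ interactive: false
 
 options:
     default: DEFAULT
+    default_policy: DEFAULT
     default_nosha1: "DEFAULT:NO-SHA1"
     fips: FIPS
     fips_ospp: "FIPS:OSPP"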
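Review bot: The added `default_policy: DEFAULT` entry sits directly under `default: DEFAULT` with nothing explaining why two keys carry the same value, so a later cleanup could remove it as a duplicate and bring back the selection error the commit message describes. I would add a comment above the pair, e.g. `# "default" is only the fallback value and cannot be used as a selector; use default_policy to select DEFAULT explicitly`. Only controls/cis_rhel8.yml is updated in this patch, so it may be worth checking whether any other control file or profile still references `var_system_crypto_policy=default`. The `options` mapping may continue past the end of the hunk.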