From bd790153e02c1d1725f59f5d88c65c77eb1421e9 Mon Sep 17 00:00:00 2001
From: Gabriel Becker <ggasparb@redhat.com>
Date: Tue, 24 Aug 2021 12:48:46 +0200
Subject: [PATCH] Add a new selector for var_system_crypto_policy and use it
RHEL8 CIS.
This new selector is used to select explicit DEFAULT value in RHEL8 CIS
L1 profiles. The "default" selector cannot be selected and it causes
errors if used.
---
controls/cis_rhel8.yml | 2 +-
.../software/integrity/crypto/var_system_crypto_policy.var | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/controls/cis_rhel8.yml b/controls/cis_rhel8.yml
index 29d972427cf..c0d3f5f40de 100644
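--- a/controls/cis_rhel8.yml
+++ b/controls/cis_rhel8.yml
@@ -553,7 +553,7 @@ controls:
 automated: yes
 rules:
 - configure_crypto_policy
- - var_system_crypto_policy=default
+ - var_system_crypto_policy=default_policy
 
 # This rule works in conjunction with the configure_crypto_policy above.
 # If a system is remediated to CIS Level 1, just the rule above will apply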
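Review bot: The new selector line `- var_system_crypto_policy=default_policy` does not say which policy it resolves to, and the name differs from the rejected `default` key only by a suffix, so a reader of this control cannot tell that the system-wide policy ends up as DEFAULT. I would add a comment above it such as `# default_policy resolves to DEFAULT; the implicit "default" key cannot be used as a selector`. The patch touches only this one control, so if other control or profile files still select `var_system_crypto_policy=default` they would presumably hit the same error, and it is worth searching for them before merging. The enclosing control entry starts and ends outside the hunk.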
diff --git a/linux_os/guide/system/software/integrity/crypto/var_system_crypto_policy.var b/linux_os/guide/system/software/integrity/crypto/var_system_crypto_policy.var
index ce301154a39..8b89848d122 100644
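--- a/linux_os/guide/system/software/integrity/crypto/var_system_crypto_policy.var
+++ b/linux_os/guide/system/software/integrity/crypto/var_system_crypto_policy.var
@@ -13,6 +13,7 @@ interactive: false
 
 options:
 default: DEFAULT
+ default_policy: DEFAULT
 default_nosha1: "DEFAULT:NO-SHA1"
 fips: FIPS
 fips_ospp: "FIPS:OSPP"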
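Review bot: The added `default_policy: DEFAULT` repeats the value of the `default` key directly above it with nothing in the file to explain why, so a later cleanup could drop it as redundant or change one entry without the other. That matters here because the value decides the system-wide crypto policy that profiles selecting `default_policy` enforce. I would add a comment above the new line, for example `# Explicit selector for DEFAULT: "default" is only the fallback value and cannot be selected by profiles; keep both in sync`. The `options:` map continues past the end of the hunk.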