|
|
ff1465 |
From 155a46f32b02fec3fa9a99d2a6fa2f1a5287fcaf Mon Sep 17 00:00:00 2001
|
|
|
ff1465 |
From: Matthew Burket <mburket@redhat.com>
|
|
|
ff1465 |
Date: Wed, 29 Sep 2021 09:43:56 -0500
|
|
|
ff1465 |
Subject: [PATCH] Add RHEL8 FIPS STIG ID to few rules
|
|
|
ff1465 |
|
|
|
ff1465 |
---
|
|
|
ff1465 |
.../integrity/crypto/configure_ssh_crypto_policy/rule.yml | 1 +
|
|
|
ff1465 |
.../harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml | 1 +
|
|
|
ff1465 |
.../crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml | 1 +
|
|
|
ff1465 |
3 files changed, 3 insertions(+)
|
|
|
ff1465 |
|
|
|
ff1465 |
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml
|
|
|
ff1465 |
index 9ac0b55f65a..2f4fb79eb54 100644
|
|
|
ff1465 |
--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml
|
|
|
ff1465 |
+++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml
|
|
|
ff1465 |
@@ -29,6 +29,7 @@ references:
|
|
|
ff1465 |
nerc-cip: CIP-003-3 R4.2,CIP-007-3 R5.1,CIP-007-3 R7.1
|
|
|
ff1465 |
nist: AC-17(a),AC-17(2),CM-6(a),MA-4(6),SC-13
|
|
|
ff1465 |
srg: SRG-OS-000250-GPOS-00093
|
|
|
ff1465 |
+ stigid@rhel8: RHEL-08-010020
|
|
|
ff1465 |
|
|
|
ff1465 |
ocil_clause: 'the CRYPTO_POLICY variable is not set or is commented in the /etc/sysconfig/sshd'
|
|
|
ff1465 |
|
|
|
ff1465 |
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml
|
|
|
ff1465 |
index 682ca436b8d..adeae314fff 100644
|
|
|
ff1465 |
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml
|
|
|
ff1465 |
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml
|
|
|
ff1465 |
@@ -30,6 +30,7 @@ references:
|
|
|
ff1465 |
disa: CCI-001453
|
|
|
ff1465 |
nist: AC-17(2)
|
|
|
ff1465 |
srg: SRG-OS-000250-GPOS-00093
|
|
|
ff1465 |
+ stigid@rhel8: RHEL-08-010020
|
|
|
ff1465 |
|
|
|
ff1465 |
ocil_clause: 'Crypto Policy for OpenSSH client is not configured correctly'
|
|
|
ff1465 |
|
|
|
ff1465 |
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml
|
|
|
ff1465 |
index d21f68ac17a..12e527ca33d 100644
|
|
|
ff1465 |
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml
|
|
|
ff1465 |
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml
|
|
|
ff1465 |
@@ -28,6 +28,7 @@ references:
|
|
|
ff1465 |
disa: CCI-001453
|
|
|
ff1465 |
nist: AC-17(2)
|
|
|
ff1465 |
srg: SRG-OS-000250-GPOS-00093
|
|
|
ff1465 |
+ stigid@rhel8: RHEL-08-010020
|
|
|
ff1465 |
|
|
|
ff1465 |
ocil_clause: 'Crypto Policy for OpenSSH client is not configured correctly'
|
|
|
ff1465 |
|