|
 |
12e95e |
diff --git a/products/rhel8/profiles/stig.profile b/products/rhel8/profiles/stig.profile
|
|
|
12e95e |
index d92bc72971c..98cabee38dd 100644
|
|
|
12e95e |
--- a/products/rhel8/profiles/stig.profile
|
|
|
12e95e |
+++ b/products/rhel8/profiles/stig.profile
|
|
|
12e95e |
@@ -51,7 +51,7 @@ selections:
|
|
|
12e95e |
- var_password_pam_lcredit=1
|
|
|
12e95e |
- var_password_pam_retry=3
|
|
|
12e95e |
- var_password_pam_minlen=15
|
|
|
12e95e |
- - var_sshd_set_keepalive=0
|
|
|
12e95e |
+ # - var_sshd_set_keepalive=0
|
|
|
12e95e |
- sshd_approved_macs=stig
|
|
|
12e95e |
- sshd_approved_ciphers=stig
|
|
|
12e95e |
- sshd_idle_timeout_value=10_minutes
|
|
|
12e95e |
@@ -170,11 +170,13 @@ selections:
|
|
|
12e95e |
# RHEL-08-010190
|
|
|
12e95e |
- dir_perms_world_writable_sticky_bits
|
|
|
12e95e |
|
|
|
12e95e |
- # RHEL-08-010200
|
|
|
12e95e |
- - sshd_set_keepalive_0
|
|
|
12e95e |
-
|
|
|
12e95e |
- # RHEL-08-010201
|
|
|
12e95e |
- - sshd_set_idle_timeout
|
|
|
12e95e |
+ # These two items don't behave as they used to in RHEL8.6 and RHEL9
|
|
|
12e95e |
+ # anymore. They will be disabled for now until an alternative
|
|
|
12e95e |
+ # solution is found.
|
|
|
12e95e |
+ # # RHEL-08-010200
|
|
|
12e95e |
+ # - sshd_set_keepalive_0
|
|
|
12e95e |
+ # # RHEL-08-010201
|
|
|
12e95e |
+ # - sshd_set_idle_timeout
|
|
|
12e95e |
|
|
|
12e95e |
# RHEL-08-010210
|
|
|
12e95e |
- file_permissions_var_log_messages
|
|
|
12e95e |
diff --git a/products/rhel9/profiles/stig.profile b/products/rhel9/profiles/stig.profile
|
|
|
12e95e |
index 42c6d0e9aca..842f17c7021 100644
|
|
|
12e95e |
--- a/products/rhel9/profiles/stig.profile
|
|
|
12e95e |
+++ b/products/rhel9/profiles/stig.profile
|
|
|
12e95e |
@@ -52,7 +52,7 @@ selections:
|
|
|
12e95e |
- var_password_pam_lcredit=1
|
|
|
12e95e |
- var_password_pam_retry=3
|
|
|
12e95e |
- var_password_pam_minlen=15
|
|
|
12e95e |
- - var_sshd_set_keepalive=0
|
|
|
12e95e |
+ # - var_sshd_set_keepalive=0
|
|
|
12e95e |
- sshd_approved_macs=stig
|
|
|
12e95e |
- sshd_approved_ciphers=stig
|
|
|
12e95e |
- sshd_idle_timeout_value=10_minutes
|
|
|
12e95e |
@@ -171,11 +171,13 @@ selections:
|
|
|
12e95e |
# RHEL-08-010190
|
|
|
12e95e |
- dir_perms_world_writable_sticky_bits
|
|
|
12e95e |
|
|
|
12e95e |
- # RHEL-08-010200
|
|
|
12e95e |
- - sshd_set_keepalive_0
|
|
|
12e95e |
-
|
|
|
12e95e |
- # RHEL-08-010201
|
|
|
12e95e |
- - sshd_set_idle_timeout
|
|
|
12e95e |
+ # These two items don't behave as they used to in RHEL8.6 and RHEL9
|
|
|
12e95e |
+ # anymore. They will be disabled for now until an alternative
|
|
|
12e95e |
+ # solution is found.
|
|
|
12e95e |
+ # # RHEL-08-010200
|
|
|
12e95e |
+ # - sshd_set_keepalive_0
|
|
|
12e95e |
+ # # RHEL-08-010201
|
|
|
12e95e |
+ # - sshd_set_idle_timeout
|
|
|
12e95e |
|
|
|
12e95e |
# RHEL-08-010210
|
|
|
12e95e |
- file_permissions_var_log_messages
|
|
|
12e95e |
diff --git a/tests/data/profile_stability/rhel8/stig.profile b/tests/data/profile_stability/rhel8/stig.profile
|
|
|
12e95e |
index e4fee44f9f9..e3c8ebfc9a5 100644
|
|
|
12e95e |
--- a/tests/data/profile_stability/rhel8/stig.profile
|
|
|
12e95e |
+++ b/tests/data/profile_stability/rhel8/stig.profile
|
|
|
12e95e |
@@ -353,8 +353,6 @@ selections:
|
|
|
12e95e |
- sshd_enable_warning_banner
|
|
|
12e95e |
- sshd_print_last_log
|
|
|
12e95e |
- sshd_rekey_limit
|
|
|
12e95e |
-- sshd_set_idle_timeout
|
|
|
12e95e |
-- sshd_set_keepalive_0
|
|
|
12e95e |
- sshd_use_strong_rng
|
|
|
12e95e |
- sshd_x11_use_localhost
|
|
|
12e95e |
- sssd_certificate_verification
|
|
|
12e95e |
@@ -423,7 +421,6 @@ selections:
|
|
|
12e95e |
- var_password_pam_ucredit=1
|
|
|
12e95e |
- var_password_pam_lcredit=1
|
|
|
12e95e |
- var_password_pam_retry=3
|
|
|
12e95e |
-- var_sshd_set_keepalive=0
|
|
|
12e95e |
- sshd_approved_macs=stig
|
|
|
12e95e |
- sshd_approved_ciphers=stig
|
|
|
12e95e |
- sshd_idle_timeout_value=10_minutes
|
|
|
12e95e |
diff --git a/tests/data/profile_stability/rhel8/stig_gui.profile b/tests/data/profile_stability/rhel8/stig_gui.profile
|
|
|
12e95e |
index 83d04775e3a..8ef48e0654b 100644
|
|
|
12e95e |
--- a/tests/data/profile_stability/rhel8/stig_gui.profile
|
|
|
12e95e |
+++ b/tests/data/profile_stability/rhel8/stig_gui.profile
|
|
|
12e95e |
@@ -364,8 +364,6 @@ selections:
|
|
|
12e95e |
- sshd_enable_warning_banner
|
|
|
12e95e |
- sshd_print_last_log
|
|
|
12e95e |
- sshd_rekey_limit
|
|
|
12e95e |
-- sshd_set_idle_timeout
|
|
|
12e95e |
-- sshd_set_keepalive_0
|
|
|
12e95e |
- sshd_use_strong_rng
|
|
|
12e95e |
- sshd_x11_use_localhost
|
|
|
12e95e |
- sssd_certificate_verification
|
|
|
12e95e |
@@ -432,7 +430,6 @@ selections:
|
|
|
12e95e |
- var_password_pam_ucredit=1
|
|
|
12e95e |
- var_password_pam_lcredit=1
|
|
|
12e95e |
- var_password_pam_retry=3
|
|
|
12e95e |
-- var_sshd_set_keepalive=0
|
|
|
12e95e |
- sshd_approved_macs=stig
|
|
|
12e95e |
- sshd_approved_ciphers=stig
|
|
|
12e95e |
- sshd_idle_timeout_value=10_minutes
|