rpms / scap-security-guide

Clone
Source Code
GIT

Files

  1.   a8c580020dc7e53bf0519dbd5961e4fd02890909
  2.   SOURCES
  3.   profile-stability-rebase-0.1.54.patch
Blob Blame History Raw 
From c41e6d8c1da766c86dbd3c188c5069f4842d7818 Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Thu, 4 Feb 2021 23:50:04 +0100
Subject: [PATCH] Select/deselect rules in RHEL7 profiles

e8, select sshd_use_priv_separation
hipaa, select sshd_use_priv_separation
---
 rhel7/profiles/e8.profile                     | 1 +
 rhel7/profiles/hipaa.profile                  | 1 +
 tests/data/profile_stability/rhel7/e8.profile | 1 +
 4 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/rhel7/profiles/e8.profile b/rhel7/profiles/e8.profile
index 8dfb392d4..bc14fc633 100644
--- a/rhel7/profiles/e8.profile
+++ b/rhel7/profiles/e8.profile
@@ -127,6 +127,7 @@ selections:
   - sshd_disable_gssapi_auth
   - sshd_use_strong_ciphers
   - sshd_print_last_log
+  - sshd_use_priv_separation
   - sshd_do_not_permit_user_env
   - sshd_disable_rhosts_rsa
   - sshd_disable_rhosts
diff --git a/rhel7/profiles/hipaa.profile b/rhel7/profiles/hipaa.profile
index d60682cbb..76c2ad9ea 100644
--- a/rhel7/profiles/hipaa.profile
+++ b/rhel7/profiles/hipaa.profile
@@ -71,6 +71,7 @@ selections:
     - sshd_enable_strictmodes
     - sshd_enable_warning_banner
     - sshd_set_keepalive
+    - sshd_use_priv_separation
     - encrypt_partitions
     - sshd_use_approved_ciphers
     - sshd_use_approved_macs
diff --git a/tests/data/profile_stability/rhel7/e8.profile b/tests/data/profile_stability/rhel7/e8.profile
index af1bcd0f9..23d226eab 100644
--- a/tests/data/profile_stability/rhel7/e8.profile
+++ b/tests/data/profile_stability/rhel7/e8.profile
@@ -95,6 +95,7 @@ selections:
 - sshd_enable_strictmodes
 - sshd_print_last_log
 - sshd_set_loglevel_info
+- sshd_use_priv_separation
 - sshd_use_strong_ciphers
 - sshd_use_strong_macs
 - sudo_remove_no_authenticate
-- 
2.26.2

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation