48 lines
2.6 KiB
Diff
48 lines
2.6 KiB
Diff
|
From 21124e8524967788d4c95d47dd41259a0c7f958c Mon Sep 17 00:00:00 2001
|
||
|
From: Vojtech Polasek <vpolasek@redhat.com>
|
||
|
Date: Wed, 20 Jul 2022 14:18:13 +0200
|
||
|
Subject: [PATCH] change remediations to include the "=" sign
|
||
|
|
||
|
---
|
||
|
.../crypto/configure_openssl_crypto_policy/ansible/shared.yml | 4 ++--
|
||
|
.../crypto/configure_openssl_crypto_policy/bash/shared.sh | 4 ++--
|
||
|
2 files changed, 4 insertions(+), 4 deletions(-)
|
||
|
|
||
|
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/ansible/shared.yml
|
||
|
index c335a9e7fa2..852ca18cf79 100644
|
||
|
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/ansible/shared.yml
|
||
|
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/ansible/shared.yml
|
||
|
@@ -20,7 +20,7 @@
|
||
|
lineinfile:
|
||
|
create: yes
|
||
|
insertafter: '^\s*\[\s*crypto_policy\s*]\s*'
|
||
|
- line: ".include /etc/crypto-policies/back-ends/opensslcnf.config"
|
||
|
+ line: ".include = /etc/crypto-policies/back-ends/opensslcnf.config"
|
||
|
path: {{{ openssl_cnf_path }}}
|
||
|
when:
|
||
|
- test_crypto_policy_group.stdout is defined
|
||
|
@@ -29,7 +29,7 @@
|
||
|
- name: "Add crypto_policy group and set include opensslcnf.config"
|
||
|
lineinfile:
|
||
|
create: yes
|
||
|
- line: "[crypto_policy]\n.include /etc/crypto-policies/back-ends/opensslcnf.config"
|
||
|
+ line: "[crypto_policy]\n.include = /etc/crypto-policies/back-ends/opensslcnf.config"
|
||
|
path: {{{ openssl_cnf_path }}}
|
||
|
when:
|
||
|
- test_crypto_policy_group.stdout is defined
|
||
|
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/bash/shared.sh
|
||
|
index 21edb780a2f..79eb5cff189 100644
|
||
|
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/bash/shared.sh
|
||
|
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/bash/shared.sh
|
||
|
@@ -2,8 +2,8 @@
|
||
|
|
||
|
OPENSSL_CRYPTO_POLICY_SECTION='[ crypto_policy ]'
|
||
|
OPENSSL_CRYPTO_POLICY_SECTION_REGEX='\[\s*crypto_policy\s*\]'
|
||
|
-OPENSSL_CRYPTO_POLICY_INCLUSION='.include /etc/crypto-policies/back-ends/opensslcnf.config'
|
||
|
-OPENSSL_CRYPTO_POLICY_INCLUSION_REGEX='^\s*\.include\s*/etc/crypto-policies/back-ends/opensslcnf.config$'
|
||
|
+OPENSSL_CRYPTO_POLICY_INCLUSION='.include = /etc/crypto-policies/back-ends/opensslcnf.config'
|
||
|
+OPENSSL_CRYPTO_POLICY_INCLUSION_REGEX='^\s*\.include\s*(?:=\s*)?/etc/crypto-policies/back-ends/opensslcnf.config$'
|
||
|
|
||
|
{{% if 'sle' in product %}}
|
||
|
{{% set openssl_cnf_path="/etc/ssl/openssl.cnf" %}}
|