scap-security-guide/scap-security-guide-0.1.64-fix_openssl_cryptopolicy_remediation-PR_9194.patch

48 lines
2.6 KiB
Diff
Raw Normal View History

From 21124e8524967788d4c95d47dd41259a0c7f958c Mon Sep 17 00:00:00 2001
From: Vojtech Polasek <vpolasek@redhat.com>
Date: Wed, 20 Jul 2022 14:18:13 +0200
Subject: [PATCH] change remediations to include the "=" sign
---
.../crypto/configure_openssl_crypto_policy/ansible/shared.yml | 4 ++--
.../crypto/configure_openssl_crypto_policy/bash/shared.sh | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/ansible/shared.yml
index c335a9e7fa2..852ca18cf79 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/ansible/shared.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/ansible/shared.yml
@@ -20,7 +20,7 @@
lineinfile:
create: yes
insertafter: '^\s*\[\s*crypto_policy\s*]\s*'
- line: ".include /etc/crypto-policies/back-ends/opensslcnf.config"
+ line: ".include = /etc/crypto-policies/back-ends/opensslcnf.config"
path: {{{ openssl_cnf_path }}}
when:
- test_crypto_policy_group.stdout is defined
@@ -29,7 +29,7 @@
- name: "Add crypto_policy group and set include opensslcnf.config"
lineinfile:
create: yes
- line: "[crypto_policy]\n.include /etc/crypto-policies/back-ends/opensslcnf.config"
+ line: "[crypto_policy]\n.include = /etc/crypto-policies/back-ends/opensslcnf.config"
path: {{{ openssl_cnf_path }}}
when:
- test_crypto_policy_group.stdout is defined
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/bash/shared.sh
index 21edb780a2f..79eb5cff189 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/bash/shared.sh
@@ -2,8 +2,8 @@
OPENSSL_CRYPTO_POLICY_SECTION='[ crypto_policy ]'
OPENSSL_CRYPTO_POLICY_SECTION_REGEX='\[\s*crypto_policy\s*\]'
-OPENSSL_CRYPTO_POLICY_INCLUSION='.include /etc/crypto-policies/back-ends/opensslcnf.config'
-OPENSSL_CRYPTO_POLICY_INCLUSION_REGEX='^\s*\.include\s*/etc/crypto-policies/back-ends/opensslcnf.config$'
+OPENSSL_CRYPTO_POLICY_INCLUSION='.include = /etc/crypto-policies/back-ends/opensslcnf.config'
+OPENSSL_CRYPTO_POLICY_INCLUSION_REGEX='^\s*\.include\s*(?:=\s*)?/etc/crypto-policies/back-ends/opensslcnf.config$'
{{% if 'sle' in product %}}
{{% set openssl_cnf_path="/etc/ssl/openssl.cnf" %}}