rpms/scap-security-guide
7
0
Fork 0
Code Issues Pull Requests Releases Activity
48dd54229e
scap-security-guide/SOURCES/scap-security-guide-0.1.64-readd-sshd_timeout-rules-PR_9318.patch

95 lines
3.8 KiB
Diff
Raw Normal View History

import scap-security-guide-0.1.63-1.el8_6
2022-09-13 07:38:56 +00:00
From 44bcccbe3a3b00ef1151089b0faacf82770bdc98 Mon Sep 17 00:00:00 2001
From: Matthew Burket <mburket@redhat.com>
Date: Tue, 9 Aug 2022 13:09:07 -0500
Subject: [PATCH 8/8] Merge pull request #9318 from
ggbecker/reintroduce-sshd-timeout
Patch-name: scap-security-guide-0.1.64-readd-sshd_timeout-rules-PR_9318.patch
Patch-status: Reintroduce back the sshd timeout rules in RHEL8 STIG profile
---
.../ssh/ssh_server/sshd_set_idle_timeout/rule.yml | 1 +
.../ssh/ssh_server/sshd_set_keepalive_0/rule.yml | 1 +
products/rhel8/profiles/stig.profile | 14 +++++++-------
tests/data/profile_stability/rhel8/stig.profile | 2 ++
.../data/profile_stability/rhel8/stig_gui.profile | 2 ++
5 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml
index 46ea0558a4..1e9c617275 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml
@@ -57,6 +57,7 @@ references:
stigid@ol7: OL07-00-040320
stigid@ol8: OL08-00-010201
stigid@rhel7: RHEL-07-040320
+ stigid@rhel8: RHEL-08-010201
stigid@sle12: SLES-12-030190
stigid@sle15: SLES-15-010280
stigid@ubuntu2004: UBTU-20-010037
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive_0/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive_0/rule.yml
index 0f0693ddc6..f6e98a61d9 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive_0/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive_0/rule.yml
@@ -53,6 +53,7 @@ references:
stigid@ol7: OL07-00-040340
stigid@ol8: OL08-00-010200
stigid@rhel7: RHEL-07-040340
+ stigid@rhel8: RHEL-08-010200
stigid@sle12: SLES-12-030191
stigid@sle15: SLES-15-010320
vmmsrg: SRG-OS-000480-VMM-002000
diff --git a/products/rhel8/profiles/stig.profile b/products/rhel8/profiles/stig.profile
index 6b44436a2b..124b7520d3 100644
--- a/products/rhel8/profiles/stig.profile
+++ b/products/rhel8/profiles/stig.profile
@@ -170,13 +170,13 @@ selections:
# RHEL-08-010190
- dir_perms_world_writable_sticky_bits
- # These two items don't behave as they used to in RHEL8.6 and RHEL9
- # anymore. They will be disabled for now until an alternative
- # solution is found.
- # # RHEL-08-010200
- # - sshd_set_keepalive_0
- # # RHEL-08-010201
- # - sshd_set_idle_timeout
+ # Although these rules have a different behavior in RHEL>=8.6
+ # they still need to be selected so it follows exactly what STIG
+ # states.
+ # RHEL-08-010200
+ - sshd_set_keepalive_0
+ # RHEL-08-010201
+ - sshd_set_idle_timeout
# RHEL-08-010210
- file_permissions_var_log_messages
diff --git a/tests/data/profile_stability/rhel8/stig.profile b/tests/data/profile_stability/rhel8/stig.profile
index 47f53a9d02..6c75d0ae1b 100644
--- a/tests/data/profile_stability/rhel8/stig.profile
+++ b/tests/data/profile_stability/rhel8/stig.profile
@@ -369,6 +369,8 @@ selections:
- sshd_enable_warning_banner
- sshd_print_last_log
- sshd_rekey_limit
+- sshd_set_idle_timeout
+- sshd_set_keepalive_0
- sshd_use_strong_rng
- sshd_x11_use_localhost
- sssd_certificate_verification
diff --git a/tests/data/profile_stability/rhel8/stig_gui.profile b/tests/data/profile_stability/rhel8/stig_gui.profile
index c4e60ddcde..8a7a469b94 100644
--- a/tests/data/profile_stability/rhel8/stig_gui.profile
+++ b/tests/data/profile_stability/rhel8/stig_gui.profile
@@ -379,6 +379,8 @@ selections:
- sshd_enable_warning_banner
- sshd_print_last_log
- sshd_rekey_limit
+- sshd_set_idle_timeout
+- sshd_set_keepalive_0
- sshd_use_strong_rng
- sshd_x11_use_localhost
- sssd_certificate_verification
--
2.37.1
Reference in New Issue Copy Permalink