40 lines
1.6 KiB
Diff
40 lines
1.6 KiB
Diff
|
From bd790153e02c1d1725f59f5d88c65c77eb1421e9 Mon Sep 17 00:00:00 2001
|
||
|
|
From: Gabriel Becker <ggasparb@redhat.com>
|
||
|
|
Date: Tue, 24 Aug 2021 12:48:46 +0200
|
||
|
|
Subject: [PATCH] Add a new selector for var_system_crypto_policy and use it
|
||
|
|
RHEL8 CIS.
|
||
|
|
|
||
|
|
This new selector is used to select explicit DEFAULT value in RHEL8 CIS
|
||
|
|
L1 profiles. The "default" selector cannot be selected and it causes
|
||
|
|
errors if used.
|
||
|
|
---
|
||
|
|
controls/cis_rhel8.yml | 2 +-
|
||
|
|
.../software/integrity/crypto/var_system_crypto_policy.var | 1 +
|
||
|
|
2 files changed, 2 insertions(+), 1 deletion(-)
|
||
|
|
|
||
|
|
diff --git a/controls/cis_rhel8.yml b/controls/cis_rhel8.yml
|
||
|
|
index 29d972427cf..c0d3f5f40de 100644
|
||
|
|
--- a/controls/cis_rhel8.yml
|
||
|
|
+++ b/controls/cis_rhel8.yml
|
||
|
|
@@ -553,7 +553,7 @@ controls:
|
||
|
|
automated: yes
|
||
|
|
rules:
|
||
|
|
- configure_crypto_policy
|
||
|
|
- - var_system_crypto_policy=default
|
||
|
|
+ - var_system_crypto_policy=default_policy
|
||
|
|
|
||
|
|
# This rule works in conjunction with the configure_crypto_policy above.
|
||
|
|
# If a system is remediated to CIS Level 1, just the rule above will apply
|
||
|
|
diff --git a/linux_os/guide/system/software/integrity/crypto/var_system_crypto_policy.var b/linux_os/guide/system/software/integrity/crypto/var_system_crypto_policy.var
|
||
|
|
index ce301154a39..8b89848d122 100644
|
||
|
|
--- a/linux_os/guide/system/software/integrity/crypto/var_system_crypto_policy.var
|
||
|
|
+++ b/linux_os/guide/system/software/integrity/crypto/var_system_crypto_policy.var
|
||
|
|
@@ -13,6 +13,7 @@ interactive: false
|
||
|
|
|
||
|
|
options:
|
||
|
|
default: DEFAULT
|
||
|
|
+ default_policy: DEFAULT
|
||
|
|
default_nosha1: "DEFAULT:NO-SHA1"
|
||
|
|
fips: FIPS
|
||
|
|
fips_ospp: "FIPS:OSPP"
|