From 279b1d8b585d3521d4910ec8aa69583f9b7031ac Mon Sep 17 00:00:00 2001
From: Vojtech Polasek
Date: Mon, 25 May 2020 10:51:24 +0200
Subject: [PATCH 1/3] change rekey limit to 1G 1h in rhel8 ospp

---
 .../guide/services/ssh/ssh_server/var_rekey_limit_size.var | 1 +
 rhel8/profiles/ospp.profile | 2 +-
 rhel8/profiles/stig.profile | 3 +++
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/linux_os/guide/services/ssh/ssh_server/var_rekey_limit_size.var b/linux_os/guide/services/ssh/ssh_server/var_rekey_limit_size.var
index 16dc376508..395a087a68 100644
--- a/linux_os/guide/services/ssh/ssh_server/var_rekey_limit_size.var
+++ b/linux_os/guide/services/ssh/ssh_server/var_rekey_limit_size.var
@@ -12,3 +12,4 @@ options:
 sshd_default: "default"
 default: "512M"
 "512M": "512M"
+ "1G": "1G"
diff --git a/rhel8/profiles/ospp.profile b/rhel8/profiles/ospp.profile
index a5223a187f..0dca8350f9 100644
--- a/rhel8/profiles/ospp.profile
+++ b/rhel8/profiles/ospp.profile
@@ -58,7 +58,7 @@ selections:
 - sshd_set_keepalive
 - sshd_enable_warning_banner
 - sshd_rekey_limit
- - var_rekey_limit_size=512M
+ - var_rekey_limit_size=1G
 - var_rekey_limit_time=1hour
 - sshd_use_strong_rng
 - openssl_use_strong_entropy
diff --git a/rhel8/profiles/stig.profile b/rhel8/profiles/stig.profile
index 2bb81cf9dc..a156857647 100644
--- a/rhel8/profiles/stig.profile
+++ b/rhel8/profiles/stig.profile
@@ -44,3 +44,6 @@ selections:
 - package_rsyslog-gnutls_installed
 - rsyslog_remote_tls
 - rsyslog_remote_tls_cacert
+ - sshd_rekey_limit
+ - var_rekey_limit_size=512M
+ - var_rekey_limit_time=1hour

From d8ce7bb5f47665e40b6ec2c47e565bb7c46164a9 Mon Sep 17 00:00:00 2001
From: Vojtech Polasek
Date: Mon, 25 May 2020 10:51:54 +0200
Subject: [PATCH 2/3] update stable ospp profile

---
 tests/data/profile_stability/rhel8/ospp.profile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
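Review bot: In rhel8/profiles/ospp.profile the rekey data threshold is doubled from `var_rekey_limit_size=512M` to `var_rekey_limit_size=1G`, and neither the profile nor the commit message records which requirement permits the looser value. In a compliance profile the next reader cannot tell whether 1G is a mandated ceiling or an arbitrary choice, so a one-line comment above the selection would help, for example `# rekey size raised to 1G per <requirement reference>; keep tests/data/profile_stability/rhel8/ospp.profile in sync`. The same patch also adds `- var_rekey_limit_size=512M` to rhel8/profiles/stig.profile, which patch 3/3 removes again, so squashing the two would avoid an intermediate commit in which the two profiles disagree. The `selections:` list begins and continues outside the hunk.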
diff --git a/tests/data/profile_stability/rhel8/ospp.profile b/tests/data/profile_stability/rhel8/ospp.profile
index bdda39a903..25f7922bf3 100644
--- a/tests/data/profile_stability/rhel8/ospp.profile
+++ b/tests/data/profile_stability/rhel8/ospp.profile
@@ -214,7 +214,7 @@ selections:
 - timer_dnf-automatic_enabled
 - usbguard_allow_hid_and_hub
 - var_sshd_set_keepalive=0
-- var_rekey_limit_size=512M
+- var_rekey_limit_size=1G
 - var_rekey_limit_time=1hour
 - var_accounts_user_umask=027
 - var_password_pam_difok=4

From 6623ece14b6534164a3b953fd43111cae4a3eeea Mon Sep 17 00:00:00 2001
From: Vojtech Polasek
Date: Thu, 28 May 2020 09:30:58 +0200
Subject: [PATCH 3/3] propagate change also into stig profile

---
 rhel8/profiles/stig.profile | 3 ---
 tests/data/profile_stability/rhel8/stig.profile | 2 +-
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/rhel8/profiles/stig.profile b/rhel8/profiles/stig.profile
index a156857647..2bb81cf9dc 100644
--- a/rhel8/profiles/stig.profile
+++ b/rhel8/profiles/stig.profile
@@ -44,6 +44,3 @@ selections:
 - package_rsyslog-gnutls_installed
 - rsyslog_remote_tls
 - rsyslog_remote_tls_cacert
- - sshd_rekey_limit
- - var_rekey_limit_size=512M
- - var_rekey_limit_time=1hour
diff --git a/tests/data/profile_stability/rhel8/stig.profile b/tests/data/profile_stability/rhel8/stig.profile
index ebef541921..6c4270925f 100644
--- a/tests/data/profile_stability/rhel8/stig.profile
+++ b/tests/data/profile_stability/rhel8/stig.profile
@@ -242,7 +242,7 @@ selections:
 - timer_dnf-automatic_enabled
 - usbguard_allow_hid_and_hub
 - var_sshd_set_keepalive=0
-- var_rekey_limit_size=512M
+- var_rekey_limit_size=1G
 - var_rekey_limit_time=1hour
 - var_accounts_user_umask=027
 - var_password_pam_difok=4
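Review bot: The STIG profile's effective rekey size becomes 1G in tests/data/profile_stability/rhel8/stig.profile, but nothing in this commit states that the STIG guidance accepts the larger value. The paired hunk in rhel8/profiles/stig.profile deletes the explicit `- var_rekey_limit_size=512M` selection, so the value presumably now comes from an inherited profile (the inheritance is not visible in these hunks) and will silently follow any later OSPP change. If the two baselines are meant to stay aligned, the commit message should say so. If STIG has its own requirement, keeping an explicit `- var_rekey_limit_size=1G` selection in stig.profile would pin the value where it is audited. The `selections:` list extends beyond the hunk.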