Open ggbecker opened 2 months ago
So I fired up a RHEL 8.10 VM it seems that RHEL 8.10 has the same issue:
[root@vm-10-0-184-48 ~]# cat /etc/redhat-release
Red Hat Enterprise Linux release 8.10 (Ootpa)
[root@vm-10-0-184-48 ~]# sudo grep -i ciphers /etc/crypto-policies/back-ends/openssh.config
Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc
So this rule wrong for RHEL 8 as well. Plus the STIG might need updating.
The following STIG item
https://stigaview.com/products/rhel9/v1r3/RHEL-09-255065/
Does not have the "-oCiphers=" parameter, it uses "Cipher" instead. Our rule implementation
https://github.com/ComplianceAsCode/content/blob/34011f7d23235aa128edef33c929097e62201433/controls/stig_rhel9.yml#L1880
targets the RHEL8 STIG implementation only (https://stigaview.com/products/rhel8/v1r13/RHEL-08-010291/), the rule needs to be updated to support RHEL9 format.
https://github.com/ComplianceAsCode/content/blob/34011f7d23235aa128edef33c929097e62201433/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml#L42
The same applies for MAC parameter. https://stigaview.com/products/rhel9/v1r3/RHEL-09-255075/
@Mab879