Check seems to expect ^\s*(?i)CRYPTO_POLICY\s*=.*$ to match a line of /etc/sysconfig/sshd. But remediation ensures no such line is found in /etc/sysconfig/sshd. Hence check checks for the opposite of what remediation sets.
SCAP Security Guide Version:
0.1.62
Operating System Version:
Oracle Linux Server release 8.6
Steps to Reproduce:
Remove or comment CRYPTO_POLICY= in /etc/sysconfig/sshd
Run /usr/share/scap-security-guide/ansible/ol8-playbook-standard.yml against host
Description of problem:
Check seems to expect
^\s*(?i)CRYPTO_POLICY\s*=.*$
to match a line of/etc/sysconfig/sshd
. But remediation ensures no such line is found in/etc/sysconfig/sshd
. Hence check checks for the opposite of what remediation sets.SCAP Security Guide Version:
0.1.62
Operating System Version:
Oracle Linux Server release 8.6
Steps to Reproduce:
Actual Results:
"Configure SSH to use System Crypto Policy" in "error" state
Expected Results:
"Configure SSH to use System Crypto Policy" should be in "pass" state
Additional Information/Debugging Steps: