ansible-lockdown / RHEL8-CIS

Ansible role for Red Hat 8 CIS Baseline
https://ansible-lockdown.readthedocs.io/en/latest/
MIT License

Some things do not work when rhel8cis_crypto_policy is FUTURE #273

Closed bbaassssiiee closed 7 months ago

bbaassssiiee commented 1 year ago

https://github.com/ansible-lockdown/RHEL8-CIS/blob/49117ef490f6d6894804407a5b10ed43f8a68a50/defaults/main.yml#L425

Lots of repositories and mirrors are signed by Let's Encrypt or GlobalSign, which use 2048 bits keys.

FIPS is a bit more secure than DEFAULT.

uk-bolly commented 1 year ago

Hi @bbaassssiiee

This is very true but fips is not without its own challenges. Like all benchmarks it does require the user to understand what impact each control has on their system and the way that it works for them. While DEFAULT is not ideal it is still more restrictive than LEGACY. Ideally though it should be greater as you have pointed out.

Thanks as always

uk-bolly

Thulium-Drake commented 1 year ago

There's a workaround for that (that's been sitting in my mailbox for over a year now, as I haven't needed it yet) that might be a good fit for this role somewhere:

echo 'key_exchange = ECDHE RSA DHE DHE-RSA PSK DHE-PSK ECDHE-PSK ECDHE-GSS DHE-GSS' > /etc/crypto-policies/policies/modules/RSA-2048.pmod
echo 'min_rsa_size = 2048' >> /etc/crypto-policies/policies/modules/RSA-2048.pmod

update-crypto-policies --set FUTURE:RSA-2048

This will allow RSA keys with a length of 2048 bits, but still keep all the other policies in place.

However, I have no clue how useful that is (I don't know the details of the crypto policies, just that setting FUTURE seems to break a lot of things :-) )

bbaassssiiee commented 1 year ago

> There's a workaround for that (that's been sitting in my mailbox for over a year now, as I haven't needed it yet) that might be a good fit for this role somewhere:
>
> echo 'key_exchange = ECDHE RSA DHE DHE-RSA PSK DHE-PSK ECDHE-PSK ECDHE-GSS DHE-GSS' > /etc/crypto-policies/policies/modules/RSA-2048.pmod
> echo 'min_rsa_size = 2048' >> /etc/crypto-policies/policies/modules/RSA-2048.pmod
>
> update-crypto-policies --set FUTURE:RSA-2048
>
> This will allow RSA keys with a length of 2048 bits, but still keep all the other policies in place.
>
> However, I have no clue how useful that is (I don't know the details of the crypto policies, just that setting FUTURE seems to break a lot of things :-) )

This can be implemented since https://github.com/ansible-lockdown/RHEL8-CIS/pull/297 was merged.

bbaassssiiee commented 1 year ago

The 3.0.0 version of the benchmark states:

> Over-riding or opting out of the system-wide crypto policy could allow for the use of less secure Ciphers, MACs, KexAlgorithms and GSSAPIKexAlgorithm
>
> Note: If changes to the system-wide crypto policy are required to meet local site policy for the openSSH server, these changes should be done with a sub-policy assigned to the system-wide crypto policy. For additional information see the CRYPTO-POLICIES(7) man page

So what you suggest is the way to go!

uk-bolly commented 7 months ago

hi @bbaassssiiee

I'm hoping that this has now been addressed? Please feel free to close if this is the case.

Many thanks as always

uk-bolly

bbaassssiiee commented 7 months ago

> hi @bbaassssiiee
>
> I'm hoping that this has now been addressed? Please feel free to close if this is the case.

I think we can close this if we move rhel8cis_allowed_crypto_policies_modules from vars to defaults, then sites can define their local policy modules, with their names in their project.

bbaassssiiee commented 7 months ago

A PMOD for better SSH security

# https://gitlab.com/redhat-crypto/fedora-crypto-policies

# message authentication code algorithms
# https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/issues/48
mac@SSH = -*-64* -UMAC-128 -HMAC-SHA1
# SSH prioritizes the encrypt-then-MAC over encrypt-and-MAC algorithms.
ssh_etm = 1

# key exchange algorithms override FUTURE
key_exchange = ECDHE RSA DHE DHE-RSA PSK DHE-PSK ECDHE-PSK ECDHE-GSS DHE-GSS
# Disable weak DH groups and NIST curves, add EC
group@SSH = +X25519 +X448 -FFDHE-2048 -SECP256R1 -SECP384R1 -SECP521R1
# Disabled diffie-hellman-group-exchange-sha256, enable for CIS-CAT Pro audit tool
arbitrary_dh_groups = 0

hash = -SHA1
sign = -*-SHA1
sign@SSH = -*-SHA1 +EDDSA-ED25519
# Don't use this size for SSH keys.
min_rsa_size = 2048
min_dh_size = 3072

# encryption algorithms (ciphers)
cipher@SSH = -*-CBC -CHACHA20-POLY1305 +AES-192-CTR -AES*-GCM

ssh_certs = 1
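As an added example (not code from the role or from anyone in this thread), a small Python model of how a sub-policy module such as the RSA-2048.pmod from the workaround above, or the SSH module in this comment, is merged into the base policy it is stacked on with `update-crypto-policies --set FUTURE:RSA-2048`. The base lists are constructed stand-ins, not the real FUTURE policy contents, and the replace / `+append` / `-glob` rules are a simplified reading of crypto-policies(7).

```python
import fnmatch

# Constructed stand-in for a few FUTURE policy settings (NOT the real policy file):
# just enough to show how a sub-policy module rewrites the base policy it is
# stacked on, e.g. with `update-crypto-policies --set FUTURE:RSA-2048`.
FUTURE_BASE = {
    "key_exchange": ["ECDHE", "DHE", "DHE-RSA", "PSK", "DHE-PSK", "ECDHE-PSK"],
    "cipher@SSH": ["AES-256-GCM", "AES-256-CTR", "CHACHA20-POLY1305", "AES-256-CBC"],
    "min_rsa_size": "3072",
}

# The RSA-2048.pmod from the workaround in this thread, as text.
RSA_2048_PMOD = """
key_exchange = ECDHE RSA DHE DHE-RSA PSK DHE-PSK ECDHE-PSK ECDHE-GSS DHE-GSS
min_rsa_size = 2048
"""

def parse_pmod(text):
    """Return the (key, tokens) directives of a .pmod file, dropping comments and blanks."""
    directives = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition("=")
        directives.append((key.strip(), value.split()))
    return directives

def apply_pmod(base, text):
    """Merge a sub-policy into a copy of `base` (simplified crypto-policies(7) rules):
    a bare list replaces the base list, '+ALGO' appends, '-PATTERN' removes every
    entry matching a shell-style glob, and a scalar option is simply overridden."""
    policy = {k: (list(v) if isinstance(v, list) else v) for k, v in base.items()}
    for key, tokens in parse_pmod(text):
        current = policy.get(key)
        if not isinstance(current, list):                 # scalar option (or new key)
            policy[key] = " ".join(tokens)
        elif all(t[:1] in ("+", "-") for t in tokens):    # incremental edit of the list
            for t in tokens:
                if t[0] == "-":
                    current[:] = [a for a in current if not fnmatch.fnmatchcase(a, t[1:])]
                else:
                    current.append(t[1:])
        else:                                             # full replacement of the list
            policy[key] = tokens
    return policy

if __name__ == "__main__":
    merged = apply_pmod(FUTURE_BASE, RSA_2048_PMOD)
    print(merged["key_exchange"], merged["min_rsa_size"])
```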