dev-sec / ssh-baseline

DevSec SSH Baseline - InSpec Profile
https://dev-sec.io/baselines/ssh/
Apache License 2.0

add control for CRYPTO_POLICY on RedHat #176

Closed schurzi closed 4 years ago

schurzi commented 4 years ago

RedHat introduces a CRYPTO_POLICY in RHEL8. This needs to be configured separately, or it will override sshd_config settings for Cipher, MAC and Kex.

see: https://access.redhat.com/solutions/4410591

micheelengronne commented 4 years ago

Can you lint the 2 errors? "redhat" in single quotes and add a new line after your block.

schurzi commented 4 years ago

Sorry, didn't notice the Travis build. There is now one warning left; should I move the if condition to the outside of the control or further in, to get rid of this warning?

micheelengronne commented 4 years ago

I think you should use the only_if syntax provided by InSpec.

schurzi commented 4 years ago

Nice, thank you. I didn't know that feature.

micheelengronne commented 4 years ago

Well done. Good to merge.
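
The check discussed in this thread, as an added example that is not code from the pull request or the ssh-baseline profile: plain Ruby that applies only on RedHat 8 and later (the role only_if plays in an InSpec control) and passes only when sshd is opted out of the system-wide policy. Assumptions not stated on the page: the setting lives in /etc/sysconfig/sshd and an uncommented, empty CRYPTO_POLICY= line is the opt-out; the function names and sample file contents are constructed for illustration.

```ruby
# Added example, not the profile's own control.
# Assumption: an uncommented, empty CRYPTO_POLICY= line in /etc/sysconfig/sshd
# opts sshd out of the system-wide crypto policy, so that the Cipher, MAC and
# Kex settings in sshd_config take effect again.

# Effective CRYPTO_POLICY value in sysconfig-style text, or nil when there is
# no uncommented assignment. The last assignment wins.
def crypto_policy_value(content)
  value = nil
  content.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#', ';')
    m = line.match(/\ACRYPTO_POLICY=(.*)\z/)
    next unless m
    # Drop one pair of matching surrounding quotes, if present.
    value = m[1].strip.sub(/\A(["'])(.*)\1\z/, '\2')
  end
  value
end

# :skipped off RedHat 8+, :pass when opted out, :fail when the system-wide
# policy (or a non-empty override) still supersedes sshd_config.
def audit_crypto_policy(family:, release:, sysconfig:)
  return :skipped unless family == 'redhat' && release.to_i >= 8
  crypto_policy_value(sysconfig) == '' ? :pass : :fail
end

# Constructed sample contents (not copied from a real host).
SYSCONFIG_DEFAULT = <<~CONF
  # System-wide crypto policy:
  # To opt-out, uncomment the following line
  # CRYPTO_POLICY=
CONF
SYSCONFIG_OPTED_OUT = "CRYPTO_POLICY=\n"
SYSCONFIG_OVERRIDE  = %(CRYPTO_POLICY="-oCiphers=aes256-ctr"\n)

if __FILE__ == $PROGRAM_NAME
  { default: SYSCONFIG_DEFAULT, opted_out: SYSCONFIG_OPTED_OUT,
    override: SYSCONFIG_OVERRIDE }.each do |name, text|
    result = audit_crypto_policy(family: 'redhat', release: '8.4', sysconfig: text)
    puts "#{name}: #{result}"
  end
end
```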