search

mondoohq / cnspec-policies

This repository contains security policies for cnspec maintained by Mondoo and the cnspec community.
Other
43 stars 18 forks source link

`Linux Security Policy: Ensure only strong ciphers are used` remediation steps don't work on Ubuntu 24.04 #452

Open tas50 opened 1 week ago

tas50 commented 1 week ago

Describe the bug Linux Security Policy: Ensure only strong ciphers are used remediation steps don't work on Ubuntu 24.04

The following failure occurs after using the ciphers the policy recommends:

[failed] sshd.config.ciphers != empty
sshd.config.ciphers.containsOnly(props.mondooLinuxSecuritySshdCiphers)

  [ok] value: [
    0: "chacha20-poly1305@openssh.com"
    1: "aes256-gcm@openssh.com"
    2: "aes128-gcm@openssh.com"
    3: "aes256-ctr"
    4: "aes192-ctr"
    5: "aes128-ctr"
  ]
  [failed] [].containsOnly()
    expected: == _
    actual:   [
      0: "chacha20-poly1305@openssh.com"
      1: "aes256-gcm@openssh.com"
      2: "aes128-gcm@openssh.com"
    ]
mm-weber commented 4 hours ago

Image