Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

configure_crypto_policy update for CIS profile #6673

Merged
merged 1 commit into from
Mar 11, 2021
Merged

configure_crypto_policy update for CIS profile #6673

merged 1 commit into from
Mar 11, 2021

Conversation

mildas
Copy link
Contributor

@mildas mildas commented Mar 10, 2021
edited
Loading

Description:

1.11 requires FUTURE/FIPS crypto policy. However, default value of var_system_crypto_policy is DEFAULT thus non-compliant to CIS.

@openscap-ci
Copy link
Collaborator

openscap-ci commented Mar 10, 2021
edited
Loading

Changes identified:
Profiles:
 cis on rhel8

Show details

Profile cis on rhel8:
 Variable var_system_crypto_policy=future added to cis profile.

Recommended tests to execute:
 build_product rhel8
 tests/test_suite.py profile --libvirt qemu:///system test-suite-vm --datastream build/ssg-rhel8-ds.xml cis

yuumasato
yuumasato requested changes Mar 10, 2021
View reviewed changes
Copy link
Member

@yuumasato yuumasato left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, there is a 1.10 RHEL8 CIS reference.
cis_rhel8_1 10

As the CIS Profile is more aligned to Level2, it should be fine to change the crypto-policy selection away from DEFAULT.

linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml Outdated Show resolved Hide resolved
rhel8/profiles/cis.profile Outdated Show resolved Hide resolved
@mildas mildas force-pushed the cis_configure_crypto_policy branch from 2d087d5 to 7393cc3 Compare March 10, 2021 13:46
@mildas mildas force-pushed the cis_configure_crypto_policy branch from 7393cc3 to e134d96 Compare March 10, 2021 15:43
@mildas
Copy link
Contributor Author

mildas commented Mar 10, 2021

@yuumasato Changed crypto policy to future and removed the commit with ref change

@yuumasato yuumasato added this to the 0.1.56 milestone Mar 10, 2021
@yuumasato yuumasato self-assigned this Mar 10, 2021
@yuumasato yuumasato merged commit e55f943 into ComplianceAsCode:master Mar 11, 2021
vojtapolasek pushed a commit that referenced this pull request Mar 15, 2021
@yuumasato @vojtapolasek
Merge pull request #6673 from mildas/cis_configure_crypto_policy
d6330e5 
configure_crypto_policy update for CIS profile

(cherry picked from commit e55f943)
@vojtapolasek vojtapolasek added backported-into-stabilization PRs which were cherry-picked during stabilization process. bugfix Fixes to reported bugs. labels Mar 15, 2021
@vojtapolasek vojtapolasek modified the milestones: 0.1.56, 0.1.55 Mar 15, 2021
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yuumasato yuumasato yuumasato approved these changes

@matusmarhefka matusmarhefka Awaiting requested review from matusmarhefka

Assignees

@yuumasato yuumasato

Labels
backported-into-stabilization PRs which were cherry-picked during stabilization process. bugfix Fixes to reported bugs.
Projects
None yet
Milestone
0.1.55
Development

Successfully merging this pull request may close these issues.
4 participants
@mildas @openscap-ci @yuumasato @vojtapolasek