change rule id
vojtapolasek committed Jan 18, 2021
1 parent 7416341 commit 1b3f46f
Showing 11 changed files with 6 additions and 6 deletions.
@@ -1,5 +1,5 @@
<def-group>
<definition class="compliance" id="sshd_use_approved_ciphers_ordered" version="1">
<definition class="compliance" id="sshd_use_approved_ciphers_ordered_stig" version="1">
{{{ oval_metadata("Limit the ciphers to those which are FIPS-approved.") }}}
<criteria operator="AND">
<extend_definition comment="Installed OS is FIPS certified" definition_ref="installed_OS_is_FIPS_certified" />
@@ -17,19 +17,19 @@
<extend_definition comment="rpm package openssh-server installed"
definition_ref="package_openssh-server_installed" />
<criterion comment="Check the Cipers list in /etc/ssh/sshd_config"
test_ref="test_sshd_use_approved_ciphers_ordered" />
test_ref="test_sshd_use_approved_ciphers_ordered_stig" />
</criteria>
</criteria>
</criteria>
</definition>

<ind:textfilecontent54_test check="all" check_existence="all_exist"
comment="tests the value of Ciphers setting in the /etc/ssh/sshd_config file"
id="test_sshd_use_approved_ciphers_ordered" version="1">
<ind:object object_ref="obj_sshd_use_approved_ciphers_ordered" />
id="test_sshd_use_approved_ciphers_ordered_stig" version="1">
<ind:object object_ref="obj_sshd_use_approved_ciphers_ordered_stig" />
</ind:textfilecontent54_test>

<ind:textfilecontent54_object id="obj_sshd_use_approved_ciphers_ordered" version="1">
<ind:textfilecontent54_object id="obj_sshd_use_approved_ciphers_ordered_stig" version="1">
<ind:filepath>/etc/ssh/sshd_config</ind:filepath>
<ind:pattern operation="pattern match">^[\s]*(?i)Ciphers(?-i)[\s]+(aes256-ctr(?=[\w,-@]+|$),?)?(aes192-ctr(?=[\w,-@]+|$),?)?(aes128-ctr(?=[\w,-@]+|$),?)?[\s]*(?:#.*)?$</ind:pattern>
<ind:instance datatype="int">1</ind:instance>
2 changes: 1 addition & 1 deletion rhel7/profiles/stig.profile
@@ -239,7 +239,7 @@ selections:
- install_antivirus
- accounts_max_concurrent_login_sessions
- configure_firewalld_ports
- sshd_use_approved_ciphers_ordered
- sshd_use_approved_ciphers_ordered_stig
- accounts_tmout
- sshd_enable_warning_banner
- sssd_ldap_start_tls
