Change sshd rekey limit to 1G 1 hour in rhel8 OSPP (ComplianceAsCode#…

…5782) * Change rekey limit to 1G 1h in rhel8 OSPP and let change propagate to STIG * Update stable ospp profile
wcushen · Jun 24, 2020 · a26ab5e · a26ab5e
1 parent 62523dc
commit a26ab5e
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 3 deletions.
diff --git a/linux_os/guide/services/ssh/ssh_server/var_rekey_limit_size.var b/linux_os/guide/services/ssh/ssh_server/var_rekey_limit_size.var
@@ -12,3 +12,4 @@ options:
     sshd_default: "default"
     default: "512M"
     "512M": "512M"
+    "1G": "1G"
diff --git a/rhel8/profiles/ospp.profile b/rhel8/profiles/ospp.profile
@@ -58,7 +58,7 @@ selections:
     - sshd_set_keepalive
     - sshd_enable_warning_banner
     - sshd_rekey_limit
-    - var_rekey_limit_size=512M
+    - var_rekey_limit_size=1G
     - var_rekey_limit_time=1hour
     - sshd_use_strong_rng
     - openssl_use_strong_entropy

diff --git a/tests/data/profile_stability/rhel8/ospp.profile b/tests/data/profile_stability/rhel8/ospp.profile
@@ -214,7 +214,7 @@ selections:
 - timer_dnf-automatic_enabled
 - usbguard_allow_hid_and_hub
 - var_sshd_set_keepalive=0
-- var_rekey_limit_size=512M
+- var_rekey_limit_size=1G
 - var_rekey_limit_time=1hour
 - var_accounts_user_umask=027
 - var_password_pam_difok=4

diff --git a/tests/data/profile_stability/rhel8/stig.profile b/tests/data/profile_stability/rhel8/stig.profile
@@ -242,7 +242,7 @@ selections:
 - timer_dnf-automatic_enabled
 - usbguard_allow_hid_and_hub
 - var_sshd_set_keepalive=0
-- var_rekey_limit_size=512M
+- var_rekey_limit_size=1G
 - var_rekey_limit_time=1hour
 - var_accounts_user_umask=027
 - var_password_pam_difok=4