Force frequent session key renegotiation.

[adelton]

Description:

• Force frequent session key renegotiation.

Rationale:

• By decreasing the limit based on the amount of data and enabling time-based limit, effects of potential attacks against encryption keys are limited.

[adelton]

The OVAL check does not seem to work for this value which has space in it.

The generated XML is

        <ns7:textfilecontent54_object id="oval:ssg-obj_sshd_rekey_limit:obj:1" version="1">
          <ns7:filepath>/etc/ssh/sshd_config</ns7:filepath>
          <ns7:pattern operation="pattern match">^[ \t]*(?i)RekeyLimit(?-i)[ \t]+(\S*)[ \t]*(?:|(?:#.*))?$</ns7:pattern>
          <ns7:instance datatype="int" operation="greater than or equal">1</ns7:instance>
        </ns7:textfilecontent54_object>

so the matched value is expected to be (\S*).

[adelton]

Addressed in e4e1c82.

[jan-cerny]

now it matches for me