New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Updating RHEL8 STIG profile for readability changes #6856
Updating RHEL8 STIG profile for readability changes #6856
Conversation
Changes identified: Show detailsProfile stig on rhel8: Recommended tests to execute: |
98d9a74
to
5f9ecf1
Compare
5f9ecf1
to
6a3dac4
Compare
@carlosmmatos: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
# RHEL-08-010290 && RHEL-08-010291 | ||
### NOTE: This will get split out in future STIG releases, as well as we will break | ||
### these rules up to be more flexible in meeting the requirements. | ||
- harden_sshd_crypto_policy |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would refrain from adding harden_sshd_crypto_policy
at this moment since it's not really aligned with STIG.
For the Ciphers parameter it defines aes256-ctr,aes256-cbc,aes128-ctr,aes128-cbc
whereas STIG defines aes256-ctr,aes192-ctr,aes128-ctr
or a subset of this list.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm going to merge this since it can cause a few conflicts and any issue can be resolved later. I see only one issue with a rule selection and I'll open a new PR to discuss its implications.
Direct sync of V1R1 for rules - along with current mapped rules.