Replies: 1 comment
-
The reason I bring this up is because the FIPS-certified rule can be deselected on a non-FIPS-certified distro (i.e. Stream), but the rules that extend |
-
Hi,

With the addition of the sshd_use_approved_kex_ordered_stig rule in #10103 (and my subsequent failure to comply on my machines), I decided to start looking at the differences between the crypto policy rules (harden_sshd_ciphers_opensshserver_conf_crypto_policy, harden_sshd_macs_opensshserver_conf_crypto_policy, etc.) and the other sshd hardening rules (sshd_use_approved_ciphers, sshd_use_approved_macs, etc.). This was mostly due to the visual difference between the two types:

Now, from what I can glean from the OVAL files, some differences are:
installed_OS_is_FIPS_certified
Firstly, are there differences I'm missing here? There doesn't seem to be an obvious technical reason why there is a divide between the RHEL 7 and RHEL 8 rules. Second, is there a reason there is no new RHEL 8 crypto policy equivalent of sshd_use_approved_kex_ordered_stig and instead sshd_use_approved_kex_ordered_stig is applied to both RHEL 7 and RHEL 8+ systems, unlike the other adjacent rules (sshd_use_approved_ciphers and sshd_use_approved_macs)?

Thanks!