Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-29684

Rule harden_sshd_ciphers_openssh_conf_crypto_policy and harden_sshd_ciphers_opensshserver_conf_crypto_policy do not align with DISA STIG RHEL 9 V1R2

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Normal Normal
    • rhel-9.4.z
    • rhel-9.3.0
    • scap-security-guide
    • None
    • scap-security-guide-0.1.73-1.el9_4
    • Yes
    • Moderate
    • Regression
    • rhel-sst-security-compliance
    • ssg_security
    • None
    • False
    • Hide

      None

      Show
      None
    • No
    • None
    • Hide

      PTP will be provided based on manual check of allowed ciphers selected by "sshd_approved_ciphers" variable in STIG profile. The variable must contain only these ciphers:

      aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
      Show
      PTP will be provided based on manual check of allowed ciphers selected by "sshd_approved_ciphers" variable in STIG profile. The variable must contain only these ciphers: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
    • Pass
    • None
    • All
    • None

      What were you trying to do that didn't work?

      This content is not aligned with content from DISA STIG RHEL 9 V1R2

      The misalignment affects these profiles: STIG and STIG with GUI

      The STIG ID: RHEL-09-255065

      SCAP Security Guide Version: 0.1.72

      External Content's Version: V1R2

       

       

      This Bug is to follow along with upstream issue:

         https://github.com/search?q=openssh+disa&type=issues&p=1

              vpolasek@redhat.com Vojtech Polasek
              rhn-support-sgardner Steven Gardner
              Vojtech Polasek Vojtech Polasek
              Milan Lysonek Milan Lysonek
              Votes:
              0 Vote for this issue
              Watchers:
              14 Start watching this issue

                Created:
                Updated:
                Resolved: