Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-62941

SSHD rules on strong crypto are overriding crypto policy settings

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • rhel-9.4
    • scap-security-guide
    • None
    • No
    • Moderate
    • rhel-sst-security-compliance
    • ssg_security
    • 3
    • False
    • Hide

      None

      Show
      None
    • No
    • Red Hat Enterprise Linux
    • None
    • None
    • None
    • Unspecified Release Note Type - Unknown
    • None

      What were you trying to do that didn't work?

      Most of the rules related to SSHD strong crypto (e.g. xccdf_org.ssgproject.content_rule_sshd_use_strong_x) check and propose to add stanzas into /etc/ssh/sshd_config instead of configuring appropriately the system-wide crypto policy.
      This somehow contradicts with the system-wide crypto policy benefit, which is to keep everything in one place and affecting the whole system, and not tune each service individually.
       

      What is the impact of this issue to you?

      Breaks standards

      Please provide the package NVR for which the bug is seen:

      scap-security-guide

      How reproducible is this bug?:

      N/A

              vpolasek@redhat.com Vojtech Polasek
              rhn-support-rmetrich Renaud Métrich
              Vojtech Polasek Vojtech Polasek
              SSG Security QE SSG Security QE
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated: