Tree - rpms/scap-security-guide

rpms / scap-security-guide

Files

Commit: 7ca01b220ee800116ca19cb6d4c8eb26397cd421
Blob Blame History Raw
From 21124e8524967788d4c95d47dd41259a0c7f958c Mon Sep 17 00:00:00 2001
From: Vojtech Polasek <vpolasek@redhat.com>
Date: Wed, 20 Jul 2022 14:18:13 +0200
Subject: [PATCH] change remediations to include the "=" sign

---
 .../crypto/configure_openssl_crypto_policy/ansible/shared.yml | 4 ++--
 .../crypto/configure_openssl_crypto_policy/bash/shared.sh     | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/ansible/shared.yml
index c335a9e7fa2..852ca18cf79 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/ansible/shared.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/ansible/shared.yml
@@ -20,7 +20,7 @@
   lineinfile:
     create: yes
     insertafter: '^\s*\[\s*crypto_policy\s*]\s*'
-    line: ".include /etc/crypto-policies/back-ends/opensslcnf.config"
+    line: ".include = /etc/crypto-policies/back-ends/opensslcnf.config"
     path: {{{ openssl_cnf_path }}}
   when:
     - test_crypto_policy_group.stdout is defined
@@ -29,7 +29,7 @@
 - name: "Add crypto_policy group and set include opensslcnf.config"
   lineinfile:
     create: yes
-    line: "[crypto_policy]\n.include /etc/crypto-policies/back-ends/opensslcnf.config"
+    line: "[crypto_policy]\n.include = /etc/crypto-policies/back-ends/opensslcnf.config"
     path: {{{ openssl_cnf_path }}}
   when:
     - test_crypto_policy_group.stdout is defined
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/bash/shared.sh
index 21edb780a2f..79eb5cff189 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/bash/shared.sh
@@ -2,8 +2,8 @@
 
 OPENSSL_CRYPTO_POLICY_SECTION='[ crypto_policy ]'
 OPENSSL_CRYPTO_POLICY_SECTION_REGEX='\[\s*crypto_policy\s*\]'
-OPENSSL_CRYPTO_POLICY_INCLUSION='.include /etc/crypto-policies/back-ends/opensslcnf.config'
-OPENSSL_CRYPTO_POLICY_INCLUSION_REGEX='^\s*\.include\s*/etc/crypto-policies/back-ends/opensslcnf.config$'
+OPENSSL_CRYPTO_POLICY_INCLUSION='.include = /etc/crypto-policies/back-ends/opensslcnf.config'
+OPENSSL_CRYPTO_POLICY_INCLUSION_REGEX='^\s*\.include\s*(?:=\s*)?/etc/crypto-policies/back-ends/opensslcnf.config$'
 
 {{% if 'sle' in product %}}
   {{% set openssl_cnf_path="/etc/ssl/openssl.cnf" %}}
rpms / scap-security-guide

Source Code

Files
