From bd790153e02c1d1725f59f5d88c65c77eb1421e9 Mon Sep 17 00:00:00 2001
From: Gabriel Becker
Date: Tue, 24 Aug 2021 12:48:46 +0200
Subject: [PATCH] Add a new selector for var_system_crypto_policy and use it RHEL8 CIS. This new selector is used to select explicit DEFAULT value in RHEL8 CIS L1 profiles. The "default" selector cannot be selected and it causes errors if used.
---
 controls/cis_rhel8.yml | 2 +-
 .../software/integrity/crypto/var_system_crypto_policy.var | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/controls/cis_rhel8.yml b/controls/cis_rhel8.yml
index 29d972427cf..c0d3f5f40de 100644
--- a/controls/cis_rhel8.yml
+++ b/controls/cis_rhel8.yml
@@ -553,7 +553,7 @@ controls:
 automated: yes
 rules:
 - configure_crypto_policy
- - var_system_crypto_policy=default
+ - var_system_crypto_policy=default_policy
 # This rule works in conjunction with the configure_crypto_policy above.
 # If a system is remediated to CIS Level 1, just the rule above will apply
diff --git a/linux_os/guide/system/software/integrity/crypto/var_system_crypto_policy.var b/linux_os/guide/system/software/integrity/crypto/var_system_crypto_policy.var
index ce301154a39..8b89848d122 100644
--- a/linux_os/guide/system/software/integrity/crypto/var_system_crypto_policy.var
+++ b/linux_os/guide/system/software/integrity/crypto/var_system_crypto_policy.var
@@ -13,6 +13,7 @@ interactive: false
 options:
 default: DEFAULT
+ default_policy: DEFAULT
 default_nosha1: "DEFAULT:NO-SHA1"
 fips: FIPS
 fips_ospp: "FIPS:OSPP"
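Review bot: The new `- var_system_crypto_policy=default_policy` entry under `rules:` in controls/cis_rhel8.yml gives no hint why the more obvious `default` key is avoided, so a later cleanup could revert it and bring the error back. A one-line comment above it would prevent that, for example `# "default" cannot be used as a selector; default_policy selects DEFAULT explicitly`. The context comment below the change suggests a following control, outside this hunk, covers the Level 2 case. If that control selects a different value for the same variable, it is worth confirming that a Level 2 profile, which would now carry two explicit selectors, resolves to the stricter policy rather than DEFAULT. The control itself starts and ends outside the hunk.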
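Review bot: The added `default_policy: DEFAULT` under `options:` in var_system_crypto_policy.var repeats the value of the `default:` key directly above it, and nothing in the file says the two keys serve different purposes. Going by the commit message, `default` cannot be chosen as a selector, so I would add a comment above the new key such as `# selectable alias for DEFAULT; the "default" key cannot be used as a selector`. The two entries can also drift: if `default:` is ever changed, profiles that select `default_policy` stay on DEFAULT, which is presumably intended for the CIS L1 profiles but should be stated. The `options:` mapping may continue past the end of the hunk.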