ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-24 22:23:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge pull request #323 from ansible-lockdown/fix_j2_sshd_weakciphers

Browse source 
Fix for #320 thank you @kodebach
This commit is contained in:
Fred W. 2025-04-25 13:07:07 -04:00 committed by GitHub
commit 612f416fc8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Changelog.md
View file

@ -1,5 +1,9 @@
# Changes to rhel9CIS # Changes to rhel9CIS
## 2.0.0 - Based on CIS v2.0.0
- #320 - thanks to @kodebach
## 1.1.6 - Based on CIS v1.0.0 ## 1.1.6 - Based on CIS v1.0.0
- #190 - thanks to @ipruteanu-sie - #190 - thanks to @ipruteanu-sie

2
templates/etc/crypto-policies/policies/modules/NO-SSHWEAKCIPHERS.pmod.j2
View file

@ -1,4 +1,4 @@
# This is a subpolicy to disable weak ciphers # This is a subpolicy to disable weak ciphers
# for the SSH protocol (libssh and OpenSSH) # for the SSH protocol (libssh and OpenSSH)
# Carried out as part of CIS Benchmark rules combined 1.6.6 and 5.1.4 # Carried out as part of CIS Benchmark rules combined 1.6.6 and 5.1.4
cipher@SSH ={% if rhel9cis_rule_1_6_6 %} -CHACHA20-POLY1305{% endif %}{% if rhel9cis_rule_5_1_5 %} -3DES-CBC -AES-128-CBC -AES-192-CBC -AES-256-CBC{% endif %} cipher@SSH ={% if rhel9cis_rule_1_6_6 %} -CHACHA20-POLY1305{% endif %}{% if rhel9cis_rule_5_1_4 %} -3DES-CBC -AES-128-CBC -AES-192-CBC -AES-256-CBC{% endif %}