ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-24 22:23:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
RHEL9-CIS/templates/etc/crypto-policies/policies/modules/NO-SSHWEAKCIPHERS.pmod.j2
Mark Bolwell 5c5499fd72
Initial pmod templates for ssh control 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2024-07-24 14:02:51 +01:00

4 lines
319 B
Django/Jinja
Raw Blame History

# This is a subpolicy to disable weak ciphers
# for the SSH protocol (libssh and OpenSSH)
# Carried out as part of CIS Benchmark rules combined 1.6.6 and 5.1.4
cipher@SSH ={% if rhel9cis_rule_1_6_6 %} -CHACHA20-POLY1305{% endif %}{% if rhel9cis_rule_5_1_5 %} -3DES-CBC -AES-128-CBC -AES-192-CBC -AES-256-CBC{% endif %}
Reference in a new issue View git blame Copy permalink