section1 v2 initial

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

templates/etc/crypto-policies/policies/modules/NO-SHA1.pmod.j2

@@ -0,0 +1,6 @@
+# This is a subpolicy dropping the SHA1 hash and signature support
+# Carried out as part of CIS Benchmark
+
+hash = -SHA1
+sign = -*-SHA1
+sha1_in_certs = 0

templates/etc/crypto-policies/policies/modules/NO-SSHCBC.pmod.j2

@@ -0,0 +1,5 @@
+# This is a subpolicy to disable all CBC mode ciphers
+# for the SSH protocol (libssh and OpenSSH)
+# Carried out as part of CIS Benchmark
+
+cipher@SSH = -*-CBC

templates/etc/crypto-policies/policies/modules/NO-SSHCHACHA20.pmod.j2

@@ -0,0 +1,5 @@
+# This is a subpolicy to disable the chacha20-poly1305 ciphers
+# for the SSH protocol (libssh and OpenSSH)
+# Carried out as part of CIS Benchmark
+
+cipher@SSH = -CHACHA20-POLY1305

templates/etc/crypto-policies/policies/modules/NO-SSHETM.pmod.j2

@@ -0,0 +1,5 @@
+# This is a subpolicy to disable Encrypt then MAC
+# for the SSH protocol (libssh and OpenSSH)
+# Carried out as part of CIS Benchmark
+
+etm@SSH = DISABLE_ETM

templates/etc/crypto-policies/policies/modules/NO-WEAKMAC.pmod.j2

@@ -0,0 +1,4 @@
+# This is a subpolicy to disable weak macs
+# Carried out as part of CIS Benchmark
+
+mac = -*-64