sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

Fix for #320 thank you @kodebach

Browse source 
Signed-off-by: Frederick Witty <frederickw@mindpointgroup.com>
This commit is contained in:
Frederick Witty 2025-04-25 11:47:17 -04:00
parent c8e410928e
commit dd909b48c8
No known key found for this signature in database
GPG key ID: D29987C25A47D813
2 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
templates/etc/crypto-policies/policies/modules/NO-SSHWEAKCIPHERS.pmod.j2
View file

@ -1,4 +1,4 @@
# This is a subpolicy to disable weak ciphers
# for the SSH protocol (libssh and OpenSSH)
# Carried out as part of CIS Benchmark rules combined 1.6.6 and 5.1.4
cipher@SSH ={% if rhel9cis_rule_1_6_6 %} -CHACHA20-POLY1305{% endif %}{% if rhel9cis_rule_5_1_5 %} -3DES-CBC -AES-128-CBC -AES-192-CBC -AES-256-CBC{% endif %}
cipher@SSH ={% if rhel9cis_rule_1_6_6 %} -CHACHA20-POLY1305{% endif %}{% if rhel9cis_rule_5_1_4 %} -3DES-CBC -AES-128-CBC -AES-192-CBC -AES-256-CBC{% endif %}