Merge pull request #10966 from marcusburghardt/sshd_approved_ciphers_…

…stig Update sshd_approved_ciphers value for RHEL in STIG profile
ComplianceAsCode · Aug 9, 2023 · b22ab92 · b22ab92
2 parents d31e030 + 051c133
commit b22ab92
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 8 deletions.
diff --git a/controls/srg_gpos.yml b/controls/srg_gpos.yml
@@ -20,7 +20,7 @@ controls:
             - var_password_hashing_algorithm=SHA512
             - var_password_pam_dictcheck=1
             - sshd_approved_macs=stig_extended
-            - sshd_approved_ciphers=stig
+            - sshd_approved_ciphers=stig_extended
             - sshd_idle_timeout_value=10_minutes
             - var_accounts_authorized_local_users_regex=rhel8
             - var_account_disable_post_pw_expiration=35

diff --git a/products/rhel8/profiles/stig.profile b/products/rhel8/profiles/stig.profile
@@ -51,7 +51,7 @@ selections:
     - var_password_pam_minlen=15
     - var_sshd_set_keepalive=1
     - sshd_approved_macs=stig_extended
-    - sshd_approved_ciphers=stig
+    - sshd_approved_ciphers=stig_extended
     - sshd_idle_timeout_value=10_minutes
     - var_accounts_authorized_local_users_regex=rhel8
     - var_accounts_passwords_pam_faillock_deny=3

diff --git a/tests/data/profile_stability/rhel8/stig.profile b/tests/data/profile_stability/rhel8/stig.profile
@@ -1,6 +1,6 @@
 description: 'This profile contains configuration checks that align to the
 
-    DISA STIG for Red Hat Enterprise Linux 8 V1R9.
+    DISA STIG for Red Hat Enterprise Linux 8 V1R11.
 
 
     In addition to being applicable to Red Hat Enterprise Linux 8, DISA recognizes
@@ -22,7 +22,7 @@ description: 'This profile contains configuration checks that align to the
     - Red Hat Containers with a Red Hat Enterprise Linux 8 image'
 extends: null
 metadata:
-    version: V1R10
+    version: V1R11
     SMEs:
     - mab879
     - ggbecker
@@ -455,7 +455,7 @@ selections:
 - var_password_pam_retry=3
 - var_sshd_set_keepalive=1
 - sshd_approved_macs=stig_extended
-- sshd_approved_ciphers=stig
+- sshd_approved_ciphers=stig_extended
 - sshd_idle_timeout_value=10_minutes
 - var_accounts_authorized_local_users_regex=rhel8
 - var_accounts_passwords_pam_faillock_deny=3

diff --git a/tests/data/profile_stability/rhel8/stig_gui.profile b/tests/data/profile_stability/rhel8/stig_gui.profile
@@ -1,6 +1,6 @@
 description: 'This profile contains configuration checks that align to the
 
-    DISA STIG with GUI for Red Hat Enterprise Linux 8 V1R9.
+    DISA STIG with GUI for Red Hat Enterprise Linux 8 V1R11.
 
 
     In addition to being applicable to Red Hat Enterprise Linux 8, DISA recognizes
@@ -33,7 +33,7 @@ description: 'This profile contains configuration checks that align to the
     standard DISA STIG for Red Hat Enterprise Linux 8 profile.'
 extends: null
 metadata:
-    version: V1R10
+    version: V1R11
     SMEs:
     - mab879
     - ggbecker
@@ -463,7 +463,7 @@ selections:
 - var_password_pam_retry=3
 - var_sshd_set_keepalive=1
 - sshd_approved_macs=stig_extended
-- sshd_approved_ciphers=stig
+- sshd_approved_ciphers=stig_extended
 - sshd_idle_timeout_value=10_minutes
 - var_accounts_authorized_local_users_regex=rhel8
 - var_accounts_passwords_pam_faillock_deny=3