Merge pull request #11829 from Xeicker/update_ol8_profiles

Update ol8 profiles

products/ol8/profiles/anssi_bp28_high.profile

@@ -14,49 +14,23 @@ description: |-
 selections:
     - anssi:all:high
     # Following rules once had a prodtype incompatible with the ol8 product
-    - '!kernel_config_gcc_plugin_structleak_byref_all'
     - '!accounts_passwords_pam_tally2_deny_root'
-    - '!kernel_config_refcount_full'
     - '!timer_logrotate_enabled'
-    - '!kernel_config_legacy_vsyscall_none'
-    - '!kernel_config_hardened_usercopy_fallback'
     - '!ensure_redhat_gpgkey_installed'
     - '!aide_periodic_checking_systemd_timer'
-    - '!kernel_config_gcc_plugin_latent_entropy'
     - '!audit_rules_privileged_commands_rmmod'
     - '!grub2_mds_argument'
     - '!audit_rules_privileged_commands_modprobe'
     - '!package_dracut-fips-aesni_installed'
-    - '!kernel_config_bug_on_data_corruption'
     - '!cracklib_accounts_password_pam_lcredit'
     - '!sysctl_fs_protected_regular'
-    - '!kernel_config_stackprotector_strong'
     - '!cracklib_accounts_password_pam_ocredit'
-    - '!kernel_config_sched_stack_end_check'
-    - '!kernel_config_gcc_plugin_stackleak'
     - '!audit_rules_privileged_commands_insmod'
-    - '!kernel_config_legacy_vsyscall_emulate'
-    - '!kernel_config_arm64_sw_ttbr0_pan'
-    - '!kernel_config_page_poisoning'
     - '!chronyd_configure_pool_and_server'
     - '!accounts_passwords_pam_tally2'
     - '!cracklib_accounts_password_pam_ucredit'
-    - '!kernel_config_vmap_stack'
-    - '!kernel_config_legacy_vsyscall_xonly'
-    - '!kernel_config_gcc_plugin_randstruct'
     - '!accounts_passwords_pam_tally2_unlock_time'
-    - '!kernel_config_stackprotector'
-    - '!kernel_config_slab_freelist_hardened'
-    - '!kernel_config_gcc_plugin_structleak'
     - '!cracklib_accounts_password_pam_minlen'
-    - '!kernel_config_debug_wx'
     - '!sysctl_fs_protected_fifos'
-    - '!kernel_config_strict_kernel_rwx'
-    - '!kernel_config_fortify_source'
     - '!cracklib_accounts_password_pam_dcredit'
-    - '!kernel_config_slab_merge_default'
-    - '!kernel_config_slab_freelist_random'
-    - '!kernel_config_hardened_usercopy'
     - '!grub2_page_alloc_shuffle_argument'
-    - '!kernel_config_strict_module_rwx'
-    - '!kernel_config_modify_ldt_syscall'

products/ol8/profiles/cjis.profile

@@ -58,7 +58,6 @@ selections:
     - accounts_password_all_shadowed
     - no_empty_passwords
     - display_login_attempts
-    - var_accounts_password_minlen_login_defs=12
     - var_accounts_maximum_age_login_defs=90
     - var_password_pam_unix_remember=10
     - var_account_disable_post_pw_expiration=0

products/ol8/profiles/e8.profile

@@ -69,6 +69,8 @@ selections:
   - file_ownership_library_dirs
 
   ### Passwords
+  - var_authselect_profile=sssd
+  - enable_authselect
   - no_empty_passwords
 
   ### Partitioning

products/ol8/profiles/hipaa.profile

@@ -66,7 +66,6 @@ selections:
     - sshd_enable_warning_banner
     - var_sshd_set_keepalive=0
     - sshd_set_keepalive_0
-    - sshd_use_priv_separation
     - encrypt_partitions
     - var_system_crypto_policy=fips
     - configure_crypto_policy