An XCCDF Group - A logical subset of the XCCDF Benchmark
update-crypto-policies
/etc/named.conf
options
include "/etc/crypto-policies/back-ends/bind.config";
$ sudo update-crypto-policies --set
/etc/crypto-policies/back-ends
/etc/crypto-policies/back-ends/gnutls.config
+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-DTLS1.0
/etc/ipsec.conf
include /etc/crypto-policies/back-ends/libreswan.config
/etc/pki/tls/openssl.cnf
ini
[ crypto_policy ]
.include = /etc/crypto-policies/back-ends/opensslcnf.config
CRYPTO_POLICY
/etc/sysconfig/sshd
/etc/ssh/ssh_config.d/
05-redhat.conf
02-ospp.conf
/etc/crypto-policies/back-ends/openssh.config
Ciphers
opensshserver-xxx.config
xxx
/etc/crypto-policies/local.d
/etc/crypto-policies/back-ends/opensshserver.config
MACs