SSHD Must Include System Crypto Policy Config File
An XCCDF Rule
Description
SSHD should follow the system cryptographic policy. In order to accomplish this the SSHD configuration should include the system
Rationale
Without cryptographic integrity protections, information can be altered by unauthorized users without detection.
- ID
- xccdf_org.ssgproject.content_rule_sshd_include_crypto_policy
- Severity
- Medium
- References
- Updated
Remediation - Ansible
- name: Gather the package facts
package_facts:
manager: auto
tags:
- CCE-90566-1
- DISA-STIG-RHEL-09-255055
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if rpm --quiet -q kernel; then
echo "Include /etc/ssh/sshd_config.d/*.conf" >> /etc/ssh/sshd_config
echo "Include /etc/crypto-policies/back-ends/opensshserver.config" >> /etc/ssh/ssh_config.d/50-redhat.conf