Skip to content

SSHD Must Include System Crypto Policy Config File

An XCCDF Rule

Description

SSHD should follow the system cryptographic policy. In order to accomplish this the SSHD configuration should include the system

Rationale

Without cryptographic integrity protections, information can be altered by unauthorized users without detection.

ID
xccdf_org.ssgproject.content_rule_sshd_include_crypto_policy
Severity
Medium
References
Updated



Remediation - Ansible

- name: Gather the package facts
  package_facts:
    manager: auto
  tags:
  - CCE-90566-1
  - DISA-STIG-RHEL-09-255055

Remediation - Shell Script

# Remediation is applicable only in certain platforms
if rpm --quiet -q kernel; then

echo "Include /etc/ssh/sshd_config.d/*.conf" >> /etc/ssh/sshd_config
echo "Include /etc/crypto-policies/back-ends/opensshserver.config" >> /etc/ssh/ssh_config.d/50-redhat.conf