Bug 2168057

Summary: file_permissions_sshd_private_key is not aligned with DISA STIG benchmark [rhel-8.7.0.z]
Product: Red Hat Enterprise Linux 8 Reporter: RHEL Program Management Team <pgm-rhel-tools>
Component: scap-security-guideAssignee: Vojtech Polasek <vpolasek>
Status: CLOSED ERRATA QA Contact: Milan Lysonek <mlysonek>
Severity: unspecified Docs Contact: Jan Fiala <jafiala>
Priority: unspecified    
Version: 8.7CC: ggasparb, jafiala, matyc, mhaicman, mlysonek, smahanga, wsato
Target Milestone: rcKeywords: Triaged, ZStream
Target Release: ---Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: scap-security-guide-0.1.66-1.el8_7 Doc Type: Bug Fix
Doc Text:
.SCAP Security Guide rule `file_permissions_sshd_private_key` is aligned with STIG configuration RHEL-08-010490 Previously, the implementation of rule `file_permissions_sshd_private_key` allowed private SSH keys to be readable by the `ssh_keys` group with mode `0644`, while DISA STIG version RHEL-08-010490 required private SSH keys to have mode `0600`. As a consequence, evaluation with DISA’s automated STIG benchmark failed for configuration RHEL-08-010490. For this update, we worked with DISA to align the expected permissions for private SSH keys, and now private keys are expected to have mode `0644` or less permissive. As a result, the rule `file_permissions_sshd_private_key` and configuration RHEL-08-010490 are now aligned.
 Story Points: ---
Clone Of: 2115343 Environment:
Last Closed: 2023-02-21 07:15:08 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2115343    
Bug Blocks:    

Comment 17 errata-xmlrpc 2023-02-21 07:15:08 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (scap-security-guide bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:0829