Bug 1464398 – rule_sshd_use_approved_ciphers remediation does not mirror OVAL

Bug 1464398 - rule_sshd_use_approved_ciphers remediation does not mirror OVAL

Summary:	rule_sshd_use_approved_ciphers remediation does not mirror OVAL

Status:	NEW

Aliases:	None

Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	scap-security-guide (Show other bugs)
Sub Component:
Version:	7.4
Hardware:	Unspecified Unspecified

Priority	medium Severity low
Target Milestone:	rc
Target Release:	---
Assigned To:	Watson Yuuma Sato
QA Contact:	BaseOS QE Security Team
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2017-06-23 06:53 EDT by Marek Haicman
Modified:	2017-06-24 02:41 EDT (History)
CC List:	2 users (show)

See Also:
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Marek Haicman 2017-06-23 06:53:29 EDT

Description of problem:
With new version, rijndael-cbc@lysator.liu.se was included in the OVAL. Remediation script does not include it as one of the allowed ciphers, though.

Version-Release number of selected component (if applicable):
scap-security-guide-0.1.33-5.el7.noarch

How reproducible:
reliably

Steps to Reproduce:
1. remediate rule_sshd_use_approved_ciphers
2. 
3.

Actual results:
/etc/ssh/sshd_config contains 8 approved ciphers, and does not mirror OVAL

Expected results:
/etc/ssh/sshd_config mirrors OVAL and contains rijndael-cbc@lysator.liu.se cipher

Additional info:

Note You need to log in before you can comment on or make changes to this bug.