Assert that: rhel8cis_crypto_policy in rhel8cis_allowed_crypto_policies does not allow policy modules #295

Closed
bbaassssiiee opened this issue Jun 5, 2023 · 1 comment
bbaassssiiee commented Jun 5, 2023

Describe the Issue

  1. Active Directory integration could use the AD-SUPPORT module for crypto-policies [1].
  2. Common Criteria require the OSPP module for crypto-policies.

Expected Behavior
I'd expect a split on : of the rhel8cis_crypto_policy with a check on the first part.
Now I have to extend rhel8cis_allowed_crypto_policies.

Actual Behavior

rhel8cis_crypto_policy: DEFAULT:AD-SUPPORT fails the assertion Check crypto-policy input

Control(s) Affected

Not reported correctly, run breaks.

Environment (please complete the following information):

  • Ansible Version: [e.g. 2.10]
  • Host Python Version: [e.g. Python 3.7.6]
  • Ansible Server Python Version: [e.g. Python 3.7.6]
  • Using branch: [e.g. main]
  • Additional Details:

Additional Notes

Possible Solution

Check the policy and possible module.
Add allowed modules as a dict and implement a check on it.

rhel8cis_allowed_crypto_policies_modules:
  - OSPP

[1] Enabling AD-SUPPORT might create a workaround, while the AD should be updated instead:
https://www.redhat.com/en/blog/red-hat-enterprise-linux-and-microsoft-security-update-november-2022
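
One way to implement the split-and-check proposed in this issue, as an added example that is neither the role's own task nor the change verified in #297. The list contents are assumed sample values, and `rhel8cis_allowed_crypto_policies_modules` is the variable name suggested in the issue text.

```yaml
# Added example playbook; allow-list contents are assumptions, not the role's defaults.
- name: Validate crypto policy and optional policy modules
  hosts: localhost
  gather_facts: false
  vars:
    rhel8cis_crypto_policy: "DEFAULT:AD-SUPPORT"   # value reported in the issue
    rhel8cis_allowed_crypto_policies:              # assumed sample allow-list
      - DEFAULT
      - FUTURE
      - FIPS
    rhel8cis_allowed_crypto_policies_modules:      # name from the issue, contents assumed
      - OSPP
      - AD-SUPPORT
  tasks:
    - name: Check crypto-policy input
      ansible.builtin.assert:
        that:
          # The part before the first ':' is the base policy.
          - "rhel8cis_crypto_policy.split(':')[0] in rhel8cis_allowed_crypto_policies"
          # Every following part is a policy module and must be allow-listed.
          # A trailing ':' yields an empty module name, which is rejected
          # because '' is not in the module allow-list.
          - "rhel8cis_crypto_policy.split(':')[1:] | difference(rhel8cis_allowed_crypto_policies_modules) | length == 0"
        fail_msg: >-
          '{{ rhel8cis_crypto_policy }}' is not an allowed crypto policy.
          Base policy must be one of {{ rhel8cis_allowed_crypto_policies }}
          and each module one of {{ rhel8cis_allowed_crypto_policies_modules }}.
        success_msg: "Crypto policy '{{ rhel8cis_crypto_policy }}' accepted"
```

Keeping the module allow-list explicit means a module that relaxes the policy, such as AD-SUPPORT, only passes the assertion when it has been listed deliberately.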

@bbaassssiiee bbaassssiiee added the bug Something isn't working label Jun 5, 2023
@uk-bolly uk-bolly self-assigned this Jun 6, 2023
@bbaassssiiee

verified #297
