Skip to content

Commit

Permalink
Merge pull request #176 from schurzi/crypto_policy
Browse files Browse the repository at this point in the history 
add control for CRYPTO_POLICY on RedHat
  • Loading branch information
@micheelengronne
micheelengronne authored Jul 16, 2020
2 parents e182740 + 893eeb4 commit da8aab0
Showing 1 changed file with 16 additions and 0 deletions.
16 changes: 16 additions & 0 deletions controls/sshd_spec.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -503,3 +503,19 @@
its('stderr') { should eq '' }
end
end

control 'sshd-49' do
impact 1.0
title 'Server: CRYPTO_POLICY'
desc 'Verifies, that we are not running CRYPTO_POLICY and our settings from sshd_config are effective'
only_if('OS is RHEL 8+ or compatible') do
os[:family] == 'redhat' && ::Gem::Version.new(os.release) > ::Gem::Version.new('8')
end

describe bash("pgrep -af 'sshd -D'") do
its('exit_status') { should eq 0 }
its('stdout') { should_not match('-oCiphers') }
its('stdout') { should_not match('-oKexAlgorithms') }
its('stdout') { should_not match('-oHostKeyAlgorithms') }
end
end

0 comments on commit da8aab0

Please sign in to comment.