From 43220fa284d051f6ebae485f254007cd2459c37c Mon Sep 17 00:00:00 2001
From: Adam Rustam
Date: Tue, 1 Mar 2022 13:58:40 -0500
Subject: [PATCH 1/2] Added additional conditionals to template to align with conditionals in the tasks

Signed-off-by: Adam Rustam
---
 templates/99-sysctl.conf.j2 | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/templates/99-sysctl.conf.j2 b/templates/99-sysctl.conf.j2
index 17bb66cd..4adf6704 100644
--- a/templates/99-sysctl.conf.j2
+++ b/templates/99-sysctl.conf.j2
@@ -52,7 +52,7 @@ kernel.core_pattern = |/bin/false
 net.ipv4.conf.default.accept_redirects = 0
 {% endif %}
 
-{% if rhel_08_040210 %}
+{% if rhel_08_040210 and rhel8stig_ipv6_required %}
 # RHEL-08-040210
 net.ipv6.conf.default.accept_redirects = 0
 {% endif %}
@@ -82,27 +82,27 @@ net.ipv6.conf.all.accept_source_route = 0
 net.ipv4.conf.default.accept_source_route = 0
 {% endif %}
 
-{% if rhel_08_040250 %}
+{% if rhel_08_040250 and rhel8stig_ipv6_required %}
 # RHEL-08-040250
 net.ipv6.conf.default.accept_source_route = 0
 {% endif %}
 
-{% if rhel_08_040259 %}
+{% if rhel_08_040259 and not rhel8stig_system_is_router %}
 # RHEL-08-040259
 net.ipv4.ip_forward = 0
 {% endif %}
 
-{% if rhel_08_040260 %}
+{% if rhel_08_040260 and not rhel8stig_system_is_router %}
 # RHEL-08-040260
 net.ipv6.conf.all.forwarding = 0
 {% endif %}
 
-{% if rhel_08_040261 %}
+{% if rhel_08_040261 and rhel8stig_ipv6_required and not rhel8stig_system_is_router %}
 # RHEL-08-040261
 net.ipv6.conf.all.accept_ra = 0
 {% endif %}
 
-{% if rhel_08_040262 %}
+{% if rhel_08_040262 and rhel8stig_ipv6_required and not rhel8stig_system_is_router %}
 # RHEL-08-040262
 net.ipv6.conf.default.accept_ra = 0
 {% endif %}
@@ -117,7 +117,7 @@ net.ipv4.conf.default.send_redirects = 0
 net.ipv4.conf.all.accept_redirects = 0
 {% endif %}
 
-{% if rhel_08_040280 %}
+{% if rhel_08_040280 and rhel8stig_ipv6_required %}
 # RHEL-08-040280
 net.ipv6.conf.all.accept_redirects = 0
 {% endif %}
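Review bot: With the added `and rhel8stig_ipv6_required` on the RHEL-08-040210 block, a host where that variable is false gets no `net.ipv6.conf.default.accept_redirects` line at all, so the key keeps whatever the kernel or another sysctl.d file sets. That is only safe if IPv6 is actually disabled on such hosts, which this template does not show; the same applies to the 040250, 040261, 040262 and 040280 conditions in the later hunks. A short template comment next to the first gated block, such as `{# IPv6 keys are omitted when rhel8stig_ipv6_required is false; IPv6 is expected to be disabled elsewhere in that case #}`, would record the assumption, presuming it holds.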
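Review bot: `not rhel8stig_system_is_router` in the RHEL-08-040259 to 040262 conditions depends on the variable being a real boolean; if it arrives as a string (for example from a key=value extra var), any non-empty value including "false" is truthy and the forwarding and accept_ra settings are silently left out of the rendered file. Casting in the template avoids that, e.g. `{% if rhel_08_040259 and not rhel8stig_system_is_router | bool %}`, and likewise `rhel8stig_ipv6_required | bool` where that variable is tested. Separately, RHEL-08-040260 writes an IPv6 key but is not gated on `rhel8stig_ipv6_required` while 040261 and 040262 are; it is worth confirming this matches the task file, which is not visible here.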
From 9f5c91b6f55656902a5b9dce4bf13da91c76f112 Mon Sep 17 00:00:00 2001
From: Adam Rustam
Date: Thu, 10 Mar 2022 15:09:57 -0500
Subject: [PATCH 2/2] Fix for issue #99

Signed-off-by: Adam Rustam
---
 tasks/fix-cat3.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tasks/fix-cat3.yml b/tasks/fix-cat3.yml
index 6b676867..5447ddcf 100644
--- a/tasks/fix-cat3.yml
+++ b/tasks/fix-cat3.yml
@@ -17,7 +17,7 @@
 - name: "LOW | RHEL-08-010292 | PATCH | RHEL 8 must ensure the SSH server uses strong entropy."
 lineinfile:
 path: /etc/sysconfig/sshd
- regexp: '^SSH_USE_STRONG_RNG=|^.*SSH_USE_STRONG_RNG='
+ regexp: '^(#)?SSH_USE_STRONG_RNG='
 line: SSH_USE_STRONG_RNG=32
 notify: restart sshd
 when:
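Review bot: The new `regexp` only matches an assignment that starts at column 0, optionally preceded by a bare `#`, so a line such as `  SSH_USE_STRONG_RNG=0` or `# SSH_USE_STRONG_RNG=0` no longer matches. In that case lineinfile appends a second assignment instead of replacing the existing one, and the effective value then depends on how the file is read. If that narrowing is the intent of the fix, a comment above `regexp:` saying which lines are deliberately left alone would help, for example `# match only the active or '#'-prefixed assignment, not descriptive comment lines`. The capture group is unused, so `(#)?` can be written `#?`. The task's `when:` list continues outside the hunk.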