V1R24
jamescassell opened this issue · 1 comments
jamescassell commented
NEW
- RHEL-06-000534 V-97229
fips=1
in the kernel cmdline - RHEL-06-000244 V-97231 FIPS compliant MACs in sshd_config
UPDATED
- RHEL-06-000078 thru RHEL-06-000099
sysctl --system
to enforce sysctl params, sysctl.d files are fine, too (I didn't verify our fixes for these, but this change is just a clarification) - RHEL-06-000067 V-38583 Removes check for UEFI grub.conf permissions (I didn't verify our fix, but this change is a relaxing of the previous rule, so any deficiency should be in an already-open ticket.)
- RHEL-06-000223 V-38609 tftp okay if documented and approved by ISSO
- RHEL-06-000243 V-38617 sshd_config: removes cbc-mode ciphers from the example list in favor of ctr ciphers, but check does not meaningfully change "fips approved" is the requirement:
-Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
+Ciphers aes128-ctr,aes192-ctr,aes256-ctr
jamescassell commented
(There was no RHEL 6 STIG update today, but there was an updated benchmark.)