You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
48 lines
2.6 KiB
48 lines
2.6 KiB
From 21124e8524967788d4c95d47dd41259a0c7f958c Mon Sep 17 00:00:00 2001
|
|
From: Vojtech Polasek <vpolasek@redhat.com>
|
|
Date: Wed, 20 Jul 2022 14:18:13 +0200
|
|
Subject: [PATCH] change remediations to include the "=" sign
|
|
|
|
---
|
|
.../crypto/configure_openssl_crypto_policy/ansible/shared.yml | 4 ++--
|
|
.../crypto/configure_openssl_crypto_policy/bash/shared.sh | 4 ++--
|
|
2 files changed, 4 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/ansible/shared.yml
|
|
index c335a9e7fa2..852ca18cf79 100644
|
|
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/ansible/shared.yml
|
|
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/ansible/shared.yml
|
|
@@ -20,7 +20,7 @@
|
|
lineinfile:
|
|
create: yes
|
|
insertafter: '^\s*\[\s*crypto_policy\s*]\s*'
|
|
- line: ".include /etc/crypto-policies/back-ends/opensslcnf.config"
|
|
+ line: ".include = /etc/crypto-policies/back-ends/opensslcnf.config"
|
|
path: {{{ openssl_cnf_path }}}
|
|
when:
|
|
- test_crypto_policy_group.stdout is defined
|
|
@@ -29,7 +29,7 @@
|
|
- name: "Add crypto_policy group and set include opensslcnf.config"
|
|
lineinfile:
|
|
create: yes
|
|
- line: "[crypto_policy]\n.include /etc/crypto-policies/back-ends/opensslcnf.config"
|
|
+ line: "[crypto_policy]\n.include = /etc/crypto-policies/back-ends/opensslcnf.config"
|
|
path: {{{ openssl_cnf_path }}}
|
|
when:
|
|
- test_crypto_policy_group.stdout is defined
|
|
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/bash/shared.sh
|
|
index 21edb780a2f..79eb5cff189 100644
|
|
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/bash/shared.sh
|
|
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/bash/shared.sh
|
|
@@ -2,8 +2,8 @@
|
|
|
|
OPENSSL_CRYPTO_POLICY_SECTION='[ crypto_policy ]'
|
|
OPENSSL_CRYPTO_POLICY_SECTION_REGEX='\[\s*crypto_policy\s*\]'
|
|
-OPENSSL_CRYPTO_POLICY_INCLUSION='.include /etc/crypto-policies/back-ends/opensslcnf.config'
|
|
-OPENSSL_CRYPTO_POLICY_INCLUSION_REGEX='^\s*\.include\s*/etc/crypto-policies/back-ends/opensslcnf.config$'
|
|
+OPENSSL_CRYPTO_POLICY_INCLUSION='.include = /etc/crypto-policies/back-ends/opensslcnf.config'
|
|
+OPENSSL_CRYPTO_POLICY_INCLUSION_REGEX='^\s*\.include\s*(?:=\s*)?/etc/crypto-policies/back-ends/opensslcnf.config$'
|
|
|
|
{{% if 'sle' in product %}}
|
|
{{% set openssl_cnf_path="/etc/ssl/openssl.cnf" %}}
|