Merge pull request #14738 from mrkanon/OL8-v2r8

Update OL8 STIG profile to DISA STIG V2R8

Author: Mab879

linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml

@@ -34,7 +34,6 @@ references:
     nist-csf: PR.AC-3,PR.IP-1,PR.PT-3,PR.PT-4
     srg: SRG-OS-000095-GPOS-00049
     stigid@ol7: OL07-00-020000
-    stigid@ol8: OL08-00-040010
 
 {{{ complete_ocil_entry_package_removed("rsh-server") }}}
 

linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/rule.yml

@@ -46,7 +46,6 @@ references:
     nist: AC-17(2)
     srg: SRG-OS-000250-GPOS-00093
     stigid@ol7: OL07-00-040712
-    stigid@ol8: OL08-00-040342
     stigid@sle12: SLES-12-030270
     stigid@sle15: SLES-15-040450
 

linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/rule.yml

@@ -42,7 +42,6 @@ references:
     nist: IA-5(f),IA-5(1)(a),CM-6(a)
     nist-csf: PR.AC-1,PR.AC-6,PR.AC-7
     srg: SRG-OS-000078-GPOS-00046
-    stigid@ol8: OL08-00-020231
 
 ocil_clause: 'it is not set to the required value'
 

linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml

@@ -30,7 +30,7 @@ references:
     nerc-cip: CIP-003-8 R4.2,CIP-007-3 R5.1
     nist: SC-13,SC-12(2),SC-12(3)
     srg: SRG-OS-000423-GPOS-00187,SRG-OS-000426-GPOS-00190
-    stigid@ol8: OL08-00-010020
+    stigid@ol8: OL08-00-010020,OL08-00-010187
 
 ocil_clause: |-
     BIND is installed and the BIND config file doesn't contain the

linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml

@@ -68,7 +68,7 @@ references:
     nist: AC-17(a),AC-17(2),CM-6(a),MA-4(6),SC-13,SC-12(2),SC-12(3)
     ospp: FCS_COP.1(1),FCS_COP.1(2),FCS_COP.1(3),FCS_COP.1(4),FCS_CKM.1,FCS_CKM.2,FCS_TLSC_EXT.1
     srg: SRG-OS-000396-GPOS-00176,SRG-OS-000393-GPOS-00173,SRG-OS-000394-GPOS-00174
-    stigid@ol8: OL08-00-010020
+    stigid@ol8: OL08-00-010020,OL08-00-010183,OL08-00-010181
 
 ocil_clause: 'cryptographic policy is not configured or is configured incorrectly'
 

linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/rule.yml

@@ -29,7 +29,6 @@ identifiers:
 references:
     nist: AC-17(2)
     srg: SRG-OS-000250-GPOS-00093,SRG-OS-000423-GPOS-00187
-    stigid@ol8: OL08-00-010295
 
 ocil_clause: 'cryptographic policy for gnutls is not configured or is configured incorrectly'
 

linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml

@@ -34,7 +34,7 @@ references:
     nist: CM-6(a),MA-4(6),SC-13,SC-12(2),SC-12(3)
     pcidss: Req-2.2
     srg: SRG-OS-000033-GPOS-00014
-    stigid@ol8: OL08-00-010020
+    stigid@ol8: OL08-00-010020,OL08-00-010186
 
 ocil_clause: |-
     the "IPsec" service is active and the ipsec configuration file does not contain does not contain <tt>include /etc/crypto-policies/back-ends/libreswan.config</tt>

linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/rule.yml

@@ -43,7 +43,6 @@ identifiers:
 references:
     nist: AC-17(2)
     srg: SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093,SRG-OS-000393-GPOS-00173,SRG-OS-000394-GPOS-00174
-    stigid@ol8: OL08-00-010294
 
 ocil_clause: 'cryptographic policy for openssl is not configured or is configured incorrectly'
 

linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml

@@ -33,7 +33,6 @@ references:
     ospp: FCS_SSH_EXT.1,FCS_SSHS_EXT.1,FCS_SSHC_EXT.1
     pcidss: Req-2.2
     srg: SRG-OS-000250-GPOS-00093
-    stigid@ol8: OL08-00-010287
 
 ocil_clause: 'the CRYPTO_POLICY variable is set or is not commented out in {{{ sshd_sysconfig }}}'
 

linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml

@@ -29,6 +29,7 @@ identifiers:
 references:
     nist: AC-17(2)
     srg: SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093
+    stigid@ol8: OL08-00-010185
 
 ocil_clause: 'Crypto Policy for OpenSSH client is not configured correctly'