File tree Expand file tree Collapse file tree
ci-aio/inventory/group_vars/cis-hardening
ci-multinode/inventory/group_vars/cis-hardening Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1313 that :
1414 - ssh_key_type != 'ed25519'
1515 fail_msg : FIPS policy does not currently support ed25519 SSH keys on RHEL family systems
16- when : ansible_facts.os_family == 'RedHat'
16+ when : ansible_facts.os_family == 'RedHat' and rhel9cis_crypto_policy == 'FIPS'
1717
1818 - name : Ensure the cron package is installed on ubuntu
1919 package :
Original file line number Diff line number Diff line change 1+ ---
2+ ##############################################################################
3+ # Rocky 9 CIS Hardening Configuration
4+
5+ # NOTE: Using DEFAULT crypto policy in CI. FIPS breaks ed25519 SSH keys, and
6+ # FUTURE breaks wazuh agent repo metadata download.
7+ rhel9cis_crypto_policy: DEFAULT
8+
9+ ##############################################################################
Original file line number Diff line number Diff line change 1+ ---
2+ ##############################################################################
3+ # Rocky 9 CIS Hardening Configuration
4+
5+ # NOTE: Using DEFAULT crypto policy in CI. FIPS breaks ed25519 SSH keys, and
6+ # FUTURE breaks wazuh agent repo metadata download.
7+ rhel9cis_crypto_policy: DEFAULT
8+
9+ ##############################################################################
You can’t perform that action at this time.
0 commit comments