Add new rule file_sshd_50_redhat_exists

ComplianceAsCode · Oct 29, 2024 · a7e846c · a7e846c
1 parent a67b47c
commit a7e846c
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 1 deletion.
diff --git a/components/openssh.yml b/components/openssh.yml
@@ -19,6 +19,7 @@ rules:
 - file_permissions_sshd_config
 - file_permissions_sshd_private_key
 - file_permissions_sshd_pub_key
+- file_sshd_50_redhat_exists
 - firewalld_sshd_disabled
 - firewalld_sshd_port_enabled
 - iptables_sshd_disabled

diff --git a/controls/stig_rhel9.yml b/controls/stig_rhel9.yml
@@ -1847,7 +1847,8 @@ controls:
             - medium
         title: RHEL 9 SSH daemon must be configured to use system-wide crypto policies.
         rules:
-            - harden_sshd_ciphers_opensshserver_conf_crypto_polic
+            - harden_sshd_ciphers_opensshserver_conf_crypto_policy
+            - file_sshd_50_redhat_exists
         status: automated
 
     -   id: RHEL-09-255060

diff --git a/linux_os/guide/services/ssh/file_sshd_50_redhat_exists/rule.yml b/linux_os/guide/services/ssh/file_sshd_50_redhat_exists/rule.yml
@@ -0,0 +1,28 @@
+documentation_complete: true
+
+title: 'The File /etc/ssh/sshd_config.d/50-redhat.conf Must Exist'
+
+description: |-
+    The <tt>/etc/ssh/sshd_config.d/50-redhat.conf</tt> file must exist as it contains important
+    settings to secure SSH.
+
+
+rationale: |-
+    The file must exist to configure SSH correctly.
+
+severity: medium
+
+warnings:
+    - general:
+        There is no remediation available for this rule since this file
+        needs to have the correct content for the given system.
+
+
+template:
+    name: 'file_existence'
+    vars:
+        filepath: '/etc/ssh/sshd_config.d/50-redhat.conf'
+        exists: true
+    backends:
+        ansible: off
+        bash: off