Displaying 7 results from an estimated 7 matches for "policies_security".
2019 Oct 12
2
easy way to stop old ssl's
...configuring every application separataly it would be nice if
"accepted levels of security" could be set system wide.
With 8 it seems there is such a thing
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening
Although I believe that FIPS mode is also available in 7
I did not used neither system wide cryptographic policies nor FIPS mode
so my post is more the theoretical one, but I thought it is on topic.
--
Kind Regards, Markus Falb
2019 Oct 12
0
easy way to stop old ssl's
...combinations, and implications.
Who is that central organization? Are you sure their notions match your own?
> With 8 it seems there is such a thing
>
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening
>
> Although I believe that FIPS mode is also available in 7
That?s FIPS 140-2, a standard from 2001, which is three TLS standards ago.
FIPS 140-3 just barely became effective a few weeks ago, which means it won?t be considered for inclusion in RHEL until 9, which I don?t expect...
2024 Jan 25
2
enable strong KexAlgorithms, Ciphers and MACs in /etc/ssh/sshd_config file on RHEL 8.x Linux OS
Hi,
I am running the below servers on Red Hat Enterprise Linux release 8.7
(Ootpa). The details are as follows.
# rpm -qa | grep openssh
openssh-8.0p1-16.el8.x86_64
openssh-askpass-8.0p1-16.el8.x86_64
openssh-server-8.0p1-16.el8.x86_64
openssh-clients-8.0p1-16.el8.x86_64
# cat /etc/redhat-release
Red Hat Enterprise Linux release 8.7 (Ootpa)
#
How do I enable strong KexAlgorithms, Ciphers and
2019 Oct 11
4
easy way to stop old ssl's
HI all, When CentOS 7 was created things like SSLv2 TLSv1 TLSv1.1 etc...
were all OK, but now they have fallen out of favor for various reasons.
Updating to CentOS 7.7 does not automatically disable these types of items
from apache - is there a script that is available that can be ran to bring
a box up to current "accepted" levels ?
Or is that an edit by hand, do it yourself on all your
2019 Oct 15
1
easy way to stop old ssl's
...es like disable SSLv3 or TLSv1? Could the
authority be the community or some common knowledge?
>
>> With 8 it seems there is such a thing
>>
>> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening
>>
>> Although I believe that FIPS mode is also available in 7
>
> That?s FIPS 140-2, a standard from 2001, which is three TLS standards ago.
If I look at the comparison table from the link above FIPS mode does not
look that bad. I guess that I would get A rating from...
2024 Jan 26
1
enable strong KexAlgorithms, Ciphers and MACs in /etc/ssh/sshd_config file on RHEL 8.x Linux OS
...t would likely be the *preferred*
method to inject your intended config changes *there* (unless they
happen to already be part of an existing policy, like FUTURE).
https://access.redhat.com/documentation/de-de/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening
Kind regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3449 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.mindrot.org/pipermail/ope...
2024 Jan 27
2
enable strong KexAlgorithms, Ciphers and MACs in /etc/ssh/sshd_config file on RHEL 8.x Linux OS
...*preferred*
> method to inject your intended config changes *there* (unless they
> happen to already be part of an existing policy, like FUTURE).
>
>
> https://access.redhat.com/documentation/de-de/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening
>
> Kind regards,
> --
> Jochen Bern
> Systemingenieur
>
> Binect GmbH
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Thank...