
I have had the following suggestion for my servers on the Insights client.

SSH security is decreased when insecure cipher or hmac is enabled in the crypto policy

The playbook remediation doesn't seem to work. Neither does the linked Red Hat knowledge base article: https://access.redhat.com/articles/7041246

More concerning is that I have never touched these policies; the incident reports that the systems had this issue as of 3 days ago, but the 'Modified date' was 18th July 24.

What happened to my servers to suddenly allow these insecure ciphers? Does this indicate a data breach? Or could it be AWS changing things?

Huw Evans

1 Answer

This is from the Red Hat Insights team.

> More concerning is that I have never touched these policies; the incident reports that the systems had this issue as of 3 days ago, but the 'Modified date' was 18th July 24.

This Advisor rule was created to check whether an insecure cipher or hmac is configured for the sshd service (the initial version was released on 18th July 24). This Advisor rule checks the output of the nmap command when crypto is enabled. However, nmap is not installed by default, so we released an update (last week) which checks the crypto config files when nmap is not installed and crypto is enabled. This is why it shows your system hit this issue 3 days ago and the 'Modified date' was 18th July 24.

> The playbook remediation doesn't seem to work. Neither does the linked Red Hat knowledge base article: https://access.redhat.com/articles/7041246

Please open a case via the portal: https://access.redhat.com, then please upload your playbook remediation and Insights archive; let's research it on the case.

# insights-client --no-upload
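
To see locally what a config-file check like the one described in the answer would look at, the following added example (not Red Hat's Advisor rule code and not part of the original answer) parses the crypto-policies OpenSSH server back-end file and lists cipher and MAC entries matching a weak-pattern list. The pattern list, the sample strings and the function names are assumptions for illustration; the file path is the usual RHEL 8/9 location.

```python
import fnmatch
import re

# Assumption: illustrative patterns only, not the Advisor rule's actual list.
WEAK = {
    "ciphers": ["*-cbc", "arcfour*"],
    "macs": ["hmac-md5*", "hmac-sha1-96*", "umac-64*"],
}

# Usual location of the generated sshd policy on RHEL 8/9 (assumed here).
POLICY_FILE = "/etc/crypto-policies/back-ends/opensshserver.config"

def parse_policy(text):
    """Extract the Ciphers and MACs lists from a back-end policy file.

    Handles the sshd_config form ("Ciphers a,b") and the option-string form
    (CRYPTO_POLICY='-oCiphers=a,b -oMACs=c,d').
    """
    # Drop comment lines so a commented-out directive is not reported.
    body = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    found = {}
    for key in WEAK:
        m = re.search(r"(?:^|-o|\s)%s(?:=|\s+)([^\s']+)" % key, body, re.I | re.M)
        found[key] = m.group(1).split(",") if m else []
    return found

def weak_algorithms(text):
    """Return the configured algorithms that match a weak pattern, per type."""
    policy = parse_policy(text)
    return {
        key: [a for a in algos
              if any(fnmatch.fnmatchcase(a, p) for p in WEAK[key])]
        for key, algos in policy.items()
    }

# Constructed samples (not taken from any real system).
OPTION_STYLE_SAMPLE = (
    "CRYPTO_POLICY='-oCiphers=aes256-gcm@openssh.com,aes256-ctr,aes128-cbc "
    "-oMACs=hmac-sha2-256-etm@openssh.com,hmac-md5 "
    "-oKexAlgorithms=curve25519-sha256'"
)
CONFIG_STYLE_SAMPLE = (
    "# Ciphers 3des-cbc\n"
    "Ciphers aes256-gcm@openssh.com,aes256-ctr\n"
    "MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512\n"
)

if __name__ == "__main__":
    with open(POLICY_FILE) as fh:
        print(weak_algorithms(fh.read()))
```

An empty list for both keys means nothing in the active policy matched the patterns; comparing the result before and after running the remediation playbook shows whether the playbook changed the effective policy.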