ComplianceAsCode
diff --git a/‎tests/data/product_stability/alinux2.yml‎
Lines changed: 21 additions & 7 deletions b/‎tests/data/product_stability/alinux2.yml‎
Lines changed: 21 additions & 7 deletions
diff --git a/‎tests/data/product_stability/alinux3.yml‎
Lines changed: 21 additions & 7 deletions b/‎tests/data/product_stability/alinux3.yml‎
Lines changed: 21 additions & 7 deletions
diff --git a/‎tests/data/product_stability/anolis23.yml‎
Lines changed: 20 additions & 6 deletions b/‎tests/data/product_stability/anolis23.yml‎
Lines changed: 20 additions & 6 deletions
diff --git a/‎tests/data/product_stability/anolis8.yml‎
Lines changed: 20 additions & 6 deletions b/‎tests/data/product_stability/anolis8.yml‎
Lines changed: 20 additions & 6 deletions
diff --git a/‎tests/data/product_stability/debian11.yml‎
Lines changed: 21 additions & 7 deletions b/‎tests/data/product_stability/debian11.yml‎
Lines changed: 21 additions & 7 deletions
diff --git a/‎tests/data/product_stability/debian12.yml‎
Lines changed: 21 additions & 7 deletions b/‎tests/data/product_stability/debian12.yml‎
Lines changed: 21 additions & 7 deletions
diff --git a/‎tests/data/product_stability/debian13.yml‎
Lines changed: 21 additions & 7 deletions b/‎tests/data/product_stability/debian13.yml‎
Lines changed: 21 additions & 7 deletions
diff --git a/‎tests/data/product_stability/eks.yml‎
Lines changed: 21 additions & 7 deletions b/‎tests/data/product_stability/eks.yml‎
Lines changed: 21 additions & 7 deletions
diff --git a/‎tests/data/product_stability/example.yml‎
Lines changed: 21 additions & 7 deletions b/‎tests/data/product_stability/example.yml‎
Lines changed: 21 additions & 7 deletions
@@ -4,15 +4,16 @@ aide_bin_path: /usr/sbin/aide
 aide_conf_path: /etc/aide.conf
 audisp_conf_path: /etc/audit
 audit_binaries:
-  - /sbin/auditctl
-  - /sbin/aureport
-  - /sbin/ausearch
-  - /sbin/autrace
-  - /sbin/auditd
-  - /sbin/audispd
-  - /sbin/augenrules
+- /sbin/auditctl
+- /sbin/aureport
+- /sbin/ausearch
+- /sbin/autrace
+- /sbin/auditd
+- /sbin/audispd
+- /sbin/augenrules
 audit_watches_style: legacy
 auid: 1000
+base_policy: DEFAULT:NO-SHA1
 basic_properties_derived: true
 benchmark_id: ALINUX-2
 benchmark_root: ../../linux_os/guide
@@ -85,6 +86,19 @@ reference_uris:
   stigref: https://www.cyber.mil/stigs/srg-stig-tools/
 rsyslog_cafile: /etc/pki/tls/cert.pem
 sshd_distributed_config: 'false'
+sub_policies:
+  NO-SSHCBC:
+    key: cipher@SSH
+    value: -*-CBC
+  NO-SSHWEAKCIPHERS:
+    key: cipher@SSH
+    value: -3DES-CBC -AES-128-CBC -AES-192-CBC -AES-256-CBC -CHACHA20-POLY1305
+  NO-SSHWEAKMACS:
+    key: mac@SSH
+    value: -HMAC-MD5* -UMAC-64* -UMAC-128*
+  NO-WEAKMAC:
+    key: mac
+    value: -*-128*
 sysctl_remediate_drop_in_file: 'false'
 target_oval_version:
 - 5
 
@@ -4,15 +4,16 @@ aide_bin_path: /usr/sbin/aide
 aide_conf_path: /etc/aide.conf
 audisp_conf_path: /etc/audit
 audit_binaries:
-  - /sbin/auditctl
-  - /sbin/aureport
-  - /sbin/ausearch
-  - /sbin/autrace
-  - /sbin/auditd
-  - /sbin/audispd
-  - /sbin/augenrules
+- /sbin/auditctl
+- /sbin/aureport
+- /sbin/ausearch
+- /sbin/autrace
+- /sbin/auditd
+- /sbin/audispd
+- /sbin/augenrules
 audit_watches_style: legacy
 auid: 1000
+base_policy: DEFAULT:NO-SHA1
 basic_properties_derived: true
 benchmark_id: ALINUX-3
 benchmark_root: ../../linux_os/guide
@@ -85,6 +86,19 @@ reference_uris:
   stigref: https://www.cyber.mil/stigs/srg-stig-tools/
 rsyslog_cafile: /etc/pki/tls/cert.pem
 sshd_distributed_config: 'false'
+sub_policies:
+  NO-SSHCBC:
+    key: cipher@SSH
+    value: -*-CBC
+  NO-SSHWEAKCIPHERS:
+    key: cipher@SSH
+    value: -3DES-CBC -AES-128-CBC -AES-192-CBC -AES-256-CBC -CHACHA20-POLY1305
+  NO-SSHWEAKMACS:
+    key: mac@SSH
+    value: -HMAC-MD5* -UMAC-64* -UMAC-128*
+  NO-WEAKMAC:
+    key: mac
+    value: -*-128*
 sysctl_remediate_drop_in_file: 'false'
 target_oval_version:
 - 5
 
@@ -4,14 +4,15 @@ aide_bin_path: /usr/sbin/aide
 aide_conf_path: /etc/aide.conf
 audisp_conf_path: /etc/audit
 audit_binaries:
-  - /sbin/auditctl
-  - /sbin/aureport
-  - /sbin/ausearch
-  - /sbin/autrace
-  - /sbin/auditd
-  - /sbin/augenrules
+- /sbin/auditctl
+- /sbin/aureport
+- /sbin/ausearch
+- /sbin/autrace
+- /sbin/auditd
+- /sbin/augenrules
 audit_watches_style: legacy
 auid: 1000
+base_policy: DEFAULT:NO-SHA1
 basic_properties_derived: true
 benchmark_id: ANOLIS-23
 benchmark_root: ../../linux_os/guide
@@ -84,6 +85,19 @@ reference_uris:
   stigref: https://www.cyber.mil/stigs/srg-stig-tools/
 rsyslog_cafile: /etc/pki/tls/cert.pem
 sshd_distributed_config: 'false'
+sub_policies:
+  NO-SSHCBC:
+    key: cipher@SSH
+    value: -*-CBC
+  NO-SSHWEAKCIPHERS:
+    key: cipher@SSH
+    value: -3DES-CBC -AES-128-CBC -AES-192-CBC -AES-256-CBC -CHACHA20-POLY1305
+  NO-SSHWEAKMACS:
+    key: mac@SSH
+    value: -HMAC-MD5* -UMAC-64* -UMAC-128*
+  NO-WEAKMAC:
+    key: mac
+    value: -*-128*
 sysctl_remediate_drop_in_file: 'false'
 target_oval_version:
 - 5
 
@@ -4,14 +4,15 @@ aide_bin_path: /usr/sbin/aide
 aide_conf_path: /etc/aide.conf
 audisp_conf_path: /etc/audit
 audit_binaries:
-  - /sbin/auditctl
-  - /sbin/aureport
-  - /sbin/ausearch
-  - /sbin/autrace
-  - /sbin/auditd
-  - /sbin/augenrules
+- /sbin/auditctl
+- /sbin/aureport
+- /sbin/ausearch
+- /sbin/autrace
+- /sbin/auditd
+- /sbin/augenrules
 audit_watches_style: legacy
 auid: 1000
+base_policy: DEFAULT:NO-SHA1
 basic_properties_derived: true
 benchmark_id: ANOLIS-8
 benchmark_root: ../../linux_os/guide
@@ -84,6 +85,19 @@ reference_uris:
   stigref: https://www.cyber.mil/stigs/srg-stig-tools/
 rsyslog_cafile: /etc/pki/tls/cert.pem
 sshd_distributed_config: 'false'
+sub_policies:
+  NO-SSHCBC:
+    key: cipher@SSH
+    value: -*-CBC
+  NO-SSHWEAKCIPHERS:
+    key: cipher@SSH
+    value: -3DES-CBC -AES-128-CBC -AES-192-CBC -AES-256-CBC -CHACHA20-POLY1305
+  NO-SSHWEAKMACS:
+    key: mac@SSH
+    value: -HMAC-MD5* -UMAC-64* -UMAC-128*
+  NO-WEAKMAC:
+    key: mac
+    value: -*-128*
 sysctl_remediate_drop_in_file: 'false'
 target_oval_version:
 - 5
 
@@ -4,15 +4,16 @@ aide_bin_path: /usr/sbin/aide
 aide_conf_path: /etc/aide.conf
 audisp_conf_path: /etc/audit
 audit_binaries:
-  - /sbin/auditctl
-  - /sbin/aureport
-  - /sbin/ausearch
-  - /sbin/autrace
-  - /sbin/auditd
-  - /sbin/audispd
-  - /sbin/augenrules
+- /sbin/auditctl
+- /sbin/aureport
+- /sbin/ausearch
+- /sbin/autrace
+- /sbin/auditd
+- /sbin/audispd
+- /sbin/augenrules
 audit_watches_style: legacy
 auid: 1000
+base_policy: DEFAULT:NO-SHA1
 basic_properties_derived: true
 benchmark_id: DEBIAN-11
 benchmark_root: ../../linux_os/guide
@@ -94,6 +95,19 @@ reference_uris:
   stigref: https://www.cyber.mil/stigs/srg-stig-tools/
 rsyslog_cafile: /etc/pki/tls/cert.pem
 sshd_distributed_config: 'false'
+sub_policies:
+  NO-SSHCBC:
+    key: cipher@SSH
+    value: -*-CBC
+  NO-SSHWEAKCIPHERS:
+    key: cipher@SSH
+    value: -3DES-CBC -AES-128-CBC -AES-192-CBC -AES-256-CBC -CHACHA20-POLY1305
+  NO-SSHWEAKMACS:
+    key: mac@SSH
+    value: -HMAC-MD5* -UMAC-64* -UMAC-128*
+  NO-WEAKMAC:
+    key: mac
+    value: -*-128*
 sysctl_remediate_drop_in_file: 'false'
 target_oval_version:
 - 5
 
@@ -4,15 +4,16 @@ aide_bin_path: /usr/sbin/aide
 aide_conf_path: /etc/aide/aide.conf
 audisp_conf_path: /etc/audit
 audit_binaries:
-  - /sbin/auditctl
-  - /sbin/aureport
-  - /sbin/ausearch
-  - /sbin/autrace
-  - /sbin/auditd
-  - /sbin/audispd
-  - /sbin/augenrules
+- /sbin/auditctl
+- /sbin/aureport
+- /sbin/ausearch
+- /sbin/autrace
+- /sbin/auditd
+- /sbin/audispd
+- /sbin/augenrules
 audit_watches_style: legacy
 auid: 1000
+base_policy: DEFAULT:NO-SHA1
 basic_properties_derived: true
 benchmark_id: DEBIAN-12
 benchmark_root: ../../linux_os/guide
@@ -95,6 +96,19 @@ reference_uris:
   stigref: https://www.cyber.mil/stigs/srg-stig-tools/
 rsyslog_cafile: /etc/pki/tls/cert.pem
 sshd_distributed_config: 'false'
+sub_policies:
+  NO-SSHCBC:
+    key: cipher@SSH
+    value: -*-CBC
+  NO-SSHWEAKCIPHERS:
+    key: cipher@SSH
+    value: -3DES-CBC -AES-128-CBC -AES-192-CBC -AES-256-CBC -CHACHA20-POLY1305
+  NO-SSHWEAKMACS:
+    key: mac@SSH
+    value: -HMAC-MD5* -UMAC-64* -UMAC-128*
+  NO-WEAKMAC:
+    key: mac
+    value: -*-128*
 sysctl_remediate_drop_in_file: 'false'
 target_oval_version:
 - 5
 
@@ -4,15 +4,16 @@ aide_bin_path: /usr/sbin/aide
 aide_conf_path: /etc/aide/aide.conf
 audisp_conf_path: /etc/audit
 audit_binaries:
-  - /sbin/auditctl
-  - /sbin/aureport
-  - /sbin/ausearch
-  - /sbin/autrace
-  - /sbin/auditd
-  - /sbin/audispd
-  - /sbin/augenrules
+- /sbin/auditctl
+- /sbin/aureport
+- /sbin/ausearch
+- /sbin/autrace
+- /sbin/auditd
+- /sbin/audispd
+- /sbin/augenrules
 audit_watches_style: legacy
 auid: 1000
+base_policy: DEFAULT:NO-SHA1
 basic_properties_derived: true
 benchmark_id: DEBIAN-13
 benchmark_root: ../../linux_os/guide
@@ -95,6 +96,19 @@ reference_uris:
   stigref: https://www.cyber.mil/stigs/srg-stig-tools/
 rsyslog_cafile: /etc/pki/tls/cert.pem
 sshd_distributed_config: 'false'
+sub_policies:
+  NO-SSHCBC:
+    key: cipher@SSH
+    value: -*-CBC
+  NO-SSHWEAKCIPHERS:
+    key: cipher@SSH
+    value: -3DES-CBC -AES-128-CBC -AES-192-CBC -AES-256-CBC -CHACHA20-POLY1305
+  NO-SSHWEAKMACS:
+    key: mac@SSH
+    value: -HMAC-MD5* -UMAC-64* -UMAC-128*
+  NO-WEAKMAC:
+    key: mac
+    value: -*-128*
 sysctl_remediate_drop_in_file: 'false'
 target_oval_version:
 - 5
 
@@ -4,15 +4,16 @@ aide_bin_path: /usr/sbin/aide
 aide_conf_path: /etc/aide.conf
 audisp_conf_path: /etc/audit
 audit_binaries:
-  - /sbin/auditctl
-  - /sbin/aureport
-  - /sbin/ausearch
-  - /sbin/autrace
-  - /sbin/auditd
-  - /sbin/audispd
-  - /sbin/augenrules
+- /sbin/auditctl
+- /sbin/aureport
+- /sbin/ausearch
+- /sbin/autrace
+- /sbin/auditd
+- /sbin/audispd
+- /sbin/augenrules
 audit_watches_style: legacy
 auid: 1000
+base_policy: DEFAULT:NO-SHA1
 basic_properties_derived: true
 benchmark_id: EKS
 benchmark_root: ../../applications
@@ -92,6 +93,19 @@ reference_uris:
   stigref: https://www.cyber.mil/stigs/srg-stig-tools/
 rsyslog_cafile: /etc/pki/tls/cert.pem
 sshd_distributed_config: 'false'
+sub_policies:
+  NO-SSHCBC:
+    key: cipher@SSH
+    value: -*-CBC
+  NO-SSHWEAKCIPHERS:
+    key: cipher@SSH
+    value: -3DES-CBC -AES-128-CBC -AES-192-CBC -AES-256-CBC -CHACHA20-POLY1305
+  NO-SSHWEAKMACS:
+    key: mac@SSH
+    value: -HMAC-MD5* -UMAC-64* -UMAC-128*
+  NO-WEAKMAC:
+    key: mac
+    value: -*-128*
 sysctl_remediate_drop_in_file: 'false'
 target_oval_version:
 - 5
 
@@ -4,15 +4,16 @@ aide_bin_path: /usr/sbin/aide
 aide_conf_path: /etc/aide.conf
 audisp_conf_path: /etc/audit
 audit_binaries:
-  - /sbin/auditctl
-  - /sbin/aureport
-  - /sbin/ausearch
-  - /sbin/autrace
-  - /sbin/auditd
-  - /sbin/audispd
-  - /sbin/augenrules
+- /sbin/auditctl
+- /sbin/aureport
+- /sbin/ausearch
+- /sbin/autrace
+- /sbin/auditd
+- /sbin/audispd
+- /sbin/augenrules
 audit_watches_style: legacy
 auid: 1000
+base_policy: DEFAULT:NO-SHA1
 basic_properties_derived: true
 benchmark_id: EXAMPLE
 benchmark_root: ../../linux_os/guide
@@ -86,6 +87,19 @@ reference_uris:
   stigref: https://www.cyber.mil/stigs/srg-stig-tools/
 rsyslog_cafile: /etc/pki/tls/cert.pem
 sshd_distributed_config: 'false'
+sub_policies:
+  NO-SSHCBC:
+    key: cipher@SSH
+    value: -*-CBC
+  NO-SSHWEAKCIPHERS:
+    key: cipher@SSH
+    value: -3DES-CBC -AES-128-CBC -AES-192-CBC -AES-256-CBC -CHACHA20-POLY1305
+  NO-SSHWEAKMACS:
+    key: mac@SSH
+    value: -HMAC-MD5* -UMAC-64* -UMAC-128*
+  NO-WEAKMAC:
+    key: mac
+    value: -*-128*
 sysctl_remediate_drop_in_file: 'false'
 target_oval_version:
 - 5