RHEL 9 IP tunnels must use FIPS 140-3 approved cryptographic algorithms.
GROUP ID: V-258232
RULE ID: SV-258232r1045440
Overriding the system crypto policy makes the behavior of the Libreswan service violate expectations, and makes system configuration more fragmented.
Solution
Configure Libreswan to use the system cryptographic policy. Add the following line to "/etc/ipsec.conf":

include /etc/crypto-policies/back-ends/libreswan.config
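One way to audit and apply this setting from a shell, as an added example that is not part of the STIG text. The function names are hypothetical, and treating an include line with anything else after the path as non-compliant is an assumption of this sketch.

```shell
#!/bin/sh
# Added example: audit and remediate the Libreswan crypto-policy include.
# Function names are hypothetical; the two paths come from the rule text.
POLICY_INCLUDE='/etc/crypto-policies/back-ends/libreswan.config'

# Return 0 if FILE has an active include of the system policy back-end,
# 1 if it does not, 2 if FILE cannot be read.
# A commented-out line ("# include ...") does not count: its first field
# is "#" or "#include", never the bare word "include".
has_policy_include() {
    conf=$1
    [ -r "$conf" ] || return 2
    awk -v p="$POLICY_INCLUDE" '
        NF == 2 && $1 == "include" && $2 == p { found = 1 }
        END { exit !found }
    ' "$conf"
}

# Append the include line only when it is missing, so repeated runs
# leave the file unchanged.
ensure_policy_include() {
    conf=$1
    [ -r "$conf" ] && [ -w "$conf" ] || {
        echo "cannot read/write $conf" >&2
        return 2
    }
    if has_policy_include "$conf"; then
        return 0
    fi
    # If the last line lacks a newline, add one so the include is not
    # glued onto the end of an existing directive.
    if [ -s "$conf" ] && [ -n "$(tail -c 1 "$conf")" ]; then
        printf '\n' >> "$conf"
    fi
    printf 'include %s\n' "$POLICY_INCLUDE" >> "$conf"
}

# Typical use, as root:
#   has_policy_include /etc/ipsec.conf || echo "finding: include missing"
#   ensure_policy_include /etc/ipsec.conf
```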