Merge pull request #176 from schurzi/crypto_policy

add control for CRYPTO_POLICY on RedHat

Author: micheelengronne

controls/sshd_spec.rb

@@ -503,3 +503,19 @@
     its('stderr') { should eq '' }
   end
 end
+
+control 'sshd-49' do
+  impact 1.0
+  title 'Server: CRYPTO_POLICY'
+  desc 'Verifies, that we are not running CRYPTO_POLICY and our settings from sshd_config are effective'
+  only_if('OS is RHEL 8+ or compatible') do
+    os[:family] == 'redhat' && ::Gem::Version.new(os.release) > ::Gem::Version.new('8')
+  end
+
+  describe bash("pgrep -af 'sshd -D'") do
+    its('exit_status') { should eq 0 }
+    its('stdout') { should_not match('-oCiphers') }
+    its('stdout') { should_not match('-oKexAlgorithms') }
+    its('stdout') { should_not match('-oHostKeyAlgorithms') }
+  end
+end