I have had the following suggestion for my servers on the Insights client.
SSH security is decreased when insecure cipher or hmac is enabled in the crypto policy
The playbook remediation doesn't seem to work. Neither does the linked Red Hat Knowledge Base article: https://access.redhat.com/articles/7041246
More concerning is that I have never touched these policies. The incident reports that the systems had this issue as of 3 days ago, but the 'Modified date' was 18th July 24.
What happened to my servers to suddenly allow these insecure ciphers? Does this indicate a data breach? Or could it be AWS changing things?
This is from the Red Hat Insights team.
This Advisor rule was created to check whether an insecure cipher or hmac is configured for the sshd service (the initial version was released on 18th July 24). This Advisor rule checks the output of the nmap command when crypto is enabled. However, nmap is not installed by default, so we released an update (last week) which checks crypto config files when nmap is not installed and crypto is enabled. This is why it shows your system hit this issue 3 days ago and the 'Modified date' was 18th July 24.
Please open a case via the portal: https://access.redhat.com. Then please upload your playbook remediation and Insights archive, and let's research it on the case.
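
To see what a config-file check like the one described in the reply would find on a host, the following added example (not part of the thread and not Red Hat's rule code) parses the OpenSSH server crypto-policy back-end file in both the RHEL 8 and RHEL 9 layouts and lists the ciphers and MACs that match a deny-list. The deny-list, the function names and the sample inputs are assumptions made for illustration; the thread does not say which algorithms the rule flags or which files it reads.

```python
import re
import sys

# Assumed deny-list for illustration only; the thread does not list the
# algorithms the Advisor rule treats as insecure.
WEAK_PATTERNS = {
    "ciphers": [r"-cbc(@|$)", r"^arcfour", r"^3des"],
    "macs": [r"^hmac-md5", r"^hmac-sha1", r"^umac-64"],
}

def parse_policy(text):
    """Extract the Ciphers and MACs lists from either back-end file layout."""
    found = {"ciphers": [], "macs": []}
    # RHEL 8 layout: CRYPTO_POLICY='-oCiphers=a,b -oMACs=c,d ...'
    for key, value in re.findall(r"-o(Ciphers|MACs)=([^\s']+)", text):
        found[key.lower()] = value.split(",")
    # RHEL 9 layout: one sshd_config directive per line
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() in found:
            found[parts[0].lower()] = parts[1].strip().split(",")
    return found

def weak_algorithms(text):
    """Return the configured algorithms that match the assumed deny-list."""
    return {
        kind: [a for a in algs
               if any(re.search(p, a) for p in WEAK_PATTERNS[kind])]
        for kind, algs in parse_policy(text).items()
    }

# Constructed sample inputs (not taken from any real server)
RHEL8_SAMPLE = ("CRYPTO_POLICY='-oCiphers=aes256-gcm@openssh.com,aes128-cbc "
                "-oMACs=hmac-sha2-256-etm@openssh.com,hmac-sha1 "
                "-oKexAlgorithms=curve25519-sha256'")
RHEL9_SAMPLE = ("Ciphers aes256-gcm@openssh.com,aes256-ctr\n"
                "MACs hmac-sha2-512-etm@openssh.com,umac-64@openssh.com\n")

if __name__ == "__main__":
    # Default path is the OpenSSH server back-end of the system crypto policy
    path = sys.argv[1] if len(sys.argv) > 1 else \
        "/etc/crypto-policies/back-ends/opensshserver.config"
    with open(path) as fh:
        print(weak_algorithms(fh.read()))
```

The back-end file reflects the system-wide policy only; `sshd -T` prints the effective `ciphers` and `macs` after any local sshd configuration overrides are applied.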