crypto-policies - files in /etc/crypto-policies/back-ends/

This is a collection of parsers that all deal with the generated configuration files under the /etc/crypto-policies/back-ends/ folder. Parsers included in this module are:

CryptoPoliciesConfig - file /etc/crypto-policies/config

CryptoPoliciesStateCurrent - file /etc/crypto-policies/state/current

CryptoPoliciesOpensshserver - file /etc/crypto-policies/back-ends/opensshserver.config

CryptoPoliciesBind - file /etc/crypto-policies/back-ends/bind.config

class insights.parsers.crypto_policies.CryptoPoliciesBind(context)[source]

Bases: Parser

This parser reads the /etc/crypto-policies/back-ends/bind.config file. The sections disable-algorithms and disable-ds-digests are in the properties disable_algorithms and disable_ds_digests.

Sample Input:

disable-algorithms "." {
RSAMD5;
DSA;
};
disable-ds-digests "." {
GOST;
};

Examples

>>> 'GOST' in cp_bind.disable_ds_digests
True
>>> cp_bind.disable_algorithms
['RSAMD5', 'DSA']
parse_content(content)[source]

This method must be implemented by classes based on this class.

class insights.parsers.crypto_policies.CryptoPoliciesConfig(context)[source]

Bases: Parser

This parser reads the /etc/crypto-policies/config file. The contents of the file is a single-line value, available in the value property.

Sample Input:

LEGACY

Examples

>>> cp_c.value
'LEGACY'
parse_content(content)[source]

This method must be implemented by classes based on this class.

class insights.parsers.crypto_policies.CryptoPoliciesOpensshserver(context)[source]

Bases: Parser, dict

This parser reads the /etc/crypto-policies/back-ends/opensshserver.config file.

Sample Input on RHEL8:

CRYPTO_POLICY='-oCiphers=aes256-gcm@openssh.com,3des-cbc -oMACs=umac-128-etm@openssh.com'

Sample Input on RHEL9:

Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512

Examples

>>> 'CRYPTO_POLICY' in cp_os
True
>>> cp_os.options
{'Ciphers': 'aes256-gcm@openssh.com,3des-cbc', 'MACs': 'umac-128-etm@openssh.com'}
property options

return the configuratios as dict format

parse_content(content)[source]

This method must be implemented by classes based on this class.

class insights.parsers.crypto_policies.CryptoPoliciesStateCurrent(context)[source]

Bases: Parser

This parser reads the /etc/crypto-policies/state/current file. The contents of the file is a single-line value, available in the value property.

Sample Input:

LEGACY

Examples

>>> cp_sc.value
'LEGACY'
parse_content(content)[source]

This method must be implemented by classes based on this class.