From 200fe66f3964da5eb818ec435de744fc29967d53 Mon Sep 17 00:00:00 2001 From: Gabriel Becker Date: Thu, 9 Apr 2026 12:31:24 +0200 Subject: [PATCH] Make sure the sequoia package is installed across CIS profiles. The package might not be always installed by default and the fingerprint of PQC keys does not work properly. --- products/rhel10/controls/cis_rhel10.yml | 1 + tests/data/profile_stability/rhel10/cis.profile | 1 + tests/data/profile_stability/rhel10/cis_server_l1.profile | 1 + tests/data/profile_stability/rhel10/cis_workstation_l1.profile | 1 + tests/data/profile_stability/rhel10/cis_workstation_l2.profile | 1 + 5 files changed, 5 insertions(+) diff --git a/products/rhel10/controls/cis_rhel10.yml b/products/rhel10/controls/cis_rhel10.yml index 9ab136c4be7a..6211a0f802eb 100644 --- a/products/rhel10/controls/cis_rhel10.yml +++ b/products/rhel10/controls/cis_rhel10.yml @@ -369,6 +369,7 @@ controls: status: partial rules: - ensure_redhat_gpgkey_installed + - package_sequoia-sq_installed notes: > In CIS Benchmark, the requirement is manual, because of GPG keys for 3rd party repositories. But, add the rule ensure_redhat_gpgkey_installed to the profile because the requirement 1.2.1.2 diff --git a/tests/data/profile_stability/rhel10/cis.profile b/tests/data/profile_stability/rhel10/cis.profile index d59c4fb53bde..fe4b63d88e08 100644 --- a/tests/data/profile_stability/rhel10/cis.profile +++ b/tests/data/profile_stability/rhel10/cis.profile @@ -338,6 +338,7 @@ package_openldap-clients_removed package_pam_pwquality_installed package_rsync_removed package_samba_removed +package_sequoia-sq_installed package_setroubleshoot_removed package_squid_removed package_sudo_installed diff --git a/tests/data/profile_stability/rhel10/cis_server_l1.profile b/tests/data/profile_stability/rhel10/cis_server_l1.profile index 4eb3eeccf11e..1503013f7fdb 100644 --- a/tests/data/profile_stability/rhel10/cis_server_l1.profile +++ b/tests/data/profile_stability/rhel10/cis_server_l1.profile @@ -240,6 +240,7 @@ package_nginx_removed package_pam_pwquality_installed package_rsync_removed package_samba_removed +package_sequoia-sq_installed package_setroubleshoot_removed package_squid_removed package_sudo_installed diff --git a/tests/data/profile_stability/rhel10/cis_workstation_l1.profile b/tests/data/profile_stability/rhel10/cis_workstation_l1.profile index ee18ebf6b8ed..600a6fa6564c 100644 --- a/tests/data/profile_stability/rhel10/cis_workstation_l1.profile +++ b/tests/data/profile_stability/rhel10/cis_workstation_l1.profile @@ -236,6 +236,7 @@ package_nginx_removed package_pam_pwquality_installed package_rsync_removed package_samba_removed +package_sequoia-sq_installed package_squid_removed package_sudo_installed package_systemd-journal-remote_installed diff --git a/tests/data/profile_stability/rhel10/cis_workstation_l2.profile b/tests/data/profile_stability/rhel10/cis_workstation_l2.profile index 44b0fc37e7ec..c880de9adc24 100644 --- a/tests/data/profile_stability/rhel10/cis_workstation_l2.profile +++ b/tests/data/profile_stability/rhel10/cis_workstation_l2.profile @@ -337,6 +337,7 @@ package_openldap-clients_removed package_pam_pwquality_installed package_rsync_removed package_samba_removed +package_sequoia-sq_installed package_squid_removed package_sudo_installed package_systemd-journal-remote_installed