From ebb1265eed0eb61f935911b37c78af4f609ce820 Mon Sep 17 00:00:00 2001
From: Vojtech Polasek <vpolasek@redhat.com>
Date: Tue, 17 Sep 2024 11:10:45 +0200
Subject: [PATCH] exclude more sssd related rules as they are being modified
 right now

---
 products/rhel10/profiles/anssi_bp28_enhanced.profile     | 6 +++++-
 products/rhel10/profiles/anssi_bp28_high.profile         | 6 +++++-
 products/rhel10/profiles/anssi_bp28_intermediary.profile | 6 +++++-
 3 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/products/rhel10/profiles/anssi_bp28_enhanced.profile b/products/rhel10/profiles/anssi_bp28_enhanced.profile
index 2f06c6b4d19..49e359f7644 100644
--- a/products/rhel10/profiles/anssi_bp28_enhanced.profile
+++ b/products/rhel10/profiles/anssi_bp28_enhanced.profile
@@ -67,5 +67,9 @@ selections:
     - '!package_talk_removed'
     - '!package_xinetd_removed'
     - '!package_ypserv_removed'
-    # these rules are failing when they are remediated with Ansible, removing then temporarily until they are fixed
+    # these rules are failing when they are remediated with Ansible, removing them temporarily until they are fixed
     - '!accounts_password_pam_retry'
+    # These rules are being modified and they are causing trouble in their current state (R67)
+    - '!sssd_enable_pam_services'
+    - '!sssd_ldap_configure_tls_reqcert'
+    - '!sssd_ldap_start_tls'
diff --git a/products/rhel10/profiles/anssi_bp28_high.profile b/products/rhel10/profiles/anssi_bp28_high.profile
index 8be294a2a9e..57e5c02f1d1 100644
--- a/products/rhel10/profiles/anssi_bp28_high.profile
+++ b/products/rhel10/profiles/anssi_bp28_high.profile
@@ -71,5 +71,9 @@ selections:
     - '!package_talk_removed'
     - '!package_xinetd_removed'
     - '!package_ypserv_removed'
-    # these rules are failing when they are remediated with Ansible, removing then temporarily until they are fixed
+    # these rules are failing when they are remediated with Ansible, removing them temporarily until they are fixed
     - '!accounts_password_pam_retry'
+    # These rules are being modified and they are causing trouble in their current state (R67)
+    - '!sssd_enable_pam_services'
+    - '!sssd_ldap_configure_tls_reqcert'
+    - '!sssd_ldap_start_tls'
diff --git a/products/rhel10/profiles/anssi_bp28_intermediary.profile b/products/rhel10/profiles/anssi_bp28_intermediary.profile
index 0780c07abc7..23bac4936e5 100644
--- a/products/rhel10/profiles/anssi_bp28_intermediary.profile
+++ b/products/rhel10/profiles/anssi_bp28_intermediary.profile
@@ -47,5 +47,9 @@ selections:
     - '!package_talk_removed'
     - '!package_xinetd_removed'
     - '!package_ypserv_removed'
-    # these rules are failing when they are remediated with Ansible, removing then temporarily until they are fixed
+    # these rules are failing when they are remediated with Ansible, removing them temporarily until they are fixed
     - '!accounts_password_pam_retry'
+    # These rules are being modified and they are causing trouble in their current state (R67)
+    - '!sssd_enable_pam_services'
+    - '!sssd_ldap_configure_tls_reqcert'
+    - '!sssd_ldap_start_tls'