RHEL8 scap content

[guralhindu]

Hi,

Forgive me if this belongs elsewhere, I have a question about rhel8 stig playbook that I downloaded from this project.

How complete is it? Is it documented somewhere, as far as it's % complete for rhel8 stigs? I ran the playbook on a rhel8 machine, and the results were:

658 passed and 85 failed.

Some of the fails were very simple to remediate, such as sshd_idle timeout.

Are the failures due to the remediations not being present in the ssg-rhel8-ds.xml file?

If this is not the correct place to post, please advise. thanks.

[guralhindu]

Found my issue. Rookie mistake: The playbook failed on a task and stopped executing tasks. Then I found out why it failed. grub2-editenv -set failed because my grubenv file was not exactly 1024 bytes. You learn something new every day.

[yuumasato]

Hi @guralhindu, was the grub2-editenv file edited by a remediation from the playbook?

[guralhindu]

No I don't think so, but I can't remember exactly how that happened. I may have edited it directly by adding fips=1, but again, I'm not 100% sure. Anyway, the playbook worked great, finally got 720 PASSED and only 26 FAILED. Thanks to all the people who worked on this, you are heroes in my book!

[svbfromnl]

Hey, another rookie here trying to do the same. After running the playbook (I assume you're referring to https://github.com/RedHatOfficial/ansible-role-rhel8-stig, I run a Nesus scan using v1.5 of the DISA STIG and I get over 500 hits still. The playbook runs fine. I see it skipping a few tasks here and there (don't know why yet) but overall it completes just fine. No fails.
Am I missing a step or two?

[marcusburghardt]

Hi @svbfromnl , this meantime the respective Ansible role was updated. Could you give another try and update here, please?
https://galaxy.ansible.com/RedHatOfficial/rhel8_stig