.Profiles for DISA STIG version v3r3
The Defense Information Systems Agency (DISA) has published an updated version of the Security Technical Implementation Guide (STIG) for RHEL 7 version 3, release 3. The update available with the link:https://access.redhat.com/errata/RHBA-2021:2803[RHBA-2021:2803] advisory:
* Aligns all rules within the existing `xccdf_org.ssgproject.content_profile_stig` profile with the latest STIG release.
* Adds a new profile `xccdf_org.ssgproject.content_profile_stig_gui` for systems with a graphical user interface (GUI).
Verified for scap-security-guide-0.1.54-6.el7_9
Status of STIG profile v3r3:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rules without Bash and Ansible remediations (remediations are omitted on purpose):
grub2_password
package_MFEhiplsm_installed
install_antivirus
set_firewalld_default_zone
network_configure_name_resolution
Rules with missing Ansible remediations:
aide_verify_ext_attributes
aide_verify_acls
aide_use_fips_hashes
aide_scan_notification
configure_firewalld_ports
postfix_prevent_unrestricted_relay
chronyd_or_ntpd_set_maxpoll
smartcard_auth
Known issues:
rpm_verify_hashes - fails because rule require_singleuser_auth modifies /usr/lib/systemd/system/rescue.service
HTML report from scan of a system installed with STIG profile is attached as
stig.html (minimal install).
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (scap-security-guide bug fix and enhancement update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2021:2803
Created attachment 1793472: HTML report from scan of a system installed with STIG profile (minimal install)
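The rule lists in the verification comment above can be used to triage a scan of a STIG-profile system. This is an added example, not code from the bug report or from scap-security-guide. It assumes an XCCDF 1.2 results file such as `oscap xccdf eval --results` writes and the `xccdf_org.ssgproject.content_rule_` rule-id prefix, which is the scap-security-guide convention and is not shown on this page. The `triage` function and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"x": "http://checklists.nist.gov/xccdf/1.2"}
RULE_PREFIX = "xccdf_org.ssgproject.content_rule_"  # assumed SSG rule-id prefix

# Rule names copied from the verification comment on this page.
NO_REMEDIATION = {"grub2_password", "package_MFEhiplsm_installed", "install_antivirus",
                  "set_firewalld_default_zone", "network_configure_name_resolution"}
NO_ANSIBLE = {"aide_verify_ext_attributes", "aide_verify_acls", "aide_use_fips_hashes",
              "aide_scan_notification", "configure_firewalld_ports",
              "postfix_prevent_unrestricted_relay", "chronyd_or_ntpd_set_maxpoll",
              "smartcard_auth"}
KNOWN_ISSUES = {"rpm_verify_hashes"}  # fails because of require_singleuser_auth
NOT_PASSING = {"fail", "error", "unknown"}

def triage(results_xml, remediation="bash"):
    """Sort non-passing rules into manual / known_issue / unexpected buckets."""
    buckets = {"manual": [], "known_issue": [], "unexpected": []}
    root = ET.fromstring(results_xml)
    for rr in root.iterfind(".//x:rule-result", NS):
        if rr.findtext("x:result", default="", namespaces=NS) not in NOT_PASSING:
            continue
        name = rr.get("idref", "")
        if name.startswith(RULE_PREFIX):
            name = name[len(RULE_PREFIX):]
        if name in KNOWN_ISSUES:
            buckets["known_issue"].append(name)
        elif name in NO_REMEDIATION or (remediation == "ansible" and name in NO_ANSIBLE):
            buckets["manual"].append(name)  # no automated fix exists for this path
        else:
            buckets["unexpected"].append(name)  # should have been remediated
    return buckets

def _rr(rule, result):
    return '<rule-result idref="%s%s"><result>%s</result></rule-result>' % (
        RULE_PREFIX, rule, result)

# Constructed sample results, not taken from the attached stig.html report.
SAMPLE = ('<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2"><TestResult>'
          + _rr("grub2_password", "fail") + _rr("aide_verify_acls", "pass")
          + _rr("rpm_verify_hashes", "fail") + _rr("smartcard_auth", "fail")
          + _rr("require_singleuser_auth", "pass")
          + "</TestResult></Benchmark>")

if __name__ == "__main__":
    for mode in ("bash", "ansible"):
        print(mode, triage(SAMPLE, remediation=mode))
```

A rule in the `unexpected` bucket is one that the chosen remediation type should have fixed, so it is the bucket to investigate first.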